#1 · cve_id CVE-2022-22545 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁A ▁high ▁privileged ▁user ▁who ▁has ▁access ▁to ▁transaction ▁ SM 59 ▁can ▁read ▁connection ▁details ▁stored ▁with ▁the ▁destination ▁for ▁http ▁calls ▁in SAP NetWeaver ▁Application ▁Server ABAP ▁and ABAP Plat ▁form ▁ - ▁versions ▁700 ▁70 1 ▁70 2 ▁7 10 ▁7 11 ▁7 30 ▁7 31 ▁7 40 ▁ 750 ▁75 1 ▁75 2 ▁75 3 ▁75 4 ▁75 5 ▁75 6 . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700 701 702 710 711 730 731 740 750 751 752 753 754 755 756.
SHAP (words)A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700 701 702 710 711 730 731 740 750 751 752 753 754 755 756
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A high privileged user who has access to transaction SM ##5 ##9 can read connection details stored with the destination for http calls in SAP NetWeaver App l ##ica ##tion Server ABAP and ABAP Plat form - versions 700 70 ##1 70 ##2 71 ##0 71 ##1 73 ##0 73 ##1 74 ##0 750 75 ##1 75 ##2 75 ##3 75 ##4 75 ##5 75 ##6 . [SEP]
LRP (+Pred, pos-only)[CLS] A high privileged user who has access to transaction SM ##5 ##9 can read connection details stored with the destination for http calls in SAP NetWeaver App l ##ica ##tion Server ABAP and ABAP Plat form - versions 700 70 ##1 70 ##2 71 ##0 71 ##1 73 ##0 73 ##1 74 ##0 750 75 ##1 75 ##2 75 ##3 75 ##4 75 ##5 75 ##6 . [SEP]
LIME (words)A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700 701 702 710 711 730 731 740 750 751 752 753 754 755 756.
SHAP (words)A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700 701 702 710 711 730 731 740 750 751 752 753 754 755 756
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A high privileged user who has access to transaction SM ##5 ##9 can read connection details stored with the destination for http calls in SAP NetWeaver App l ##ica ##tion Server ABAP and ABAP Plat form - versions 700 70 ##1 70 ##2 71 ##0 71 ##1 73 ##0 73 ##1 74 ##0 750 75 ##1 75 ##2 75 ##3 75 ##4 75 ##5 75 ##6 . [SEP]
LRP (+Pred, pos-only)[CLS] A high privileged user who has access to transaction SM ##5 ##9 can read connection details stored with the destination for http calls in SAP NetWeaver App l ##ica ##tion Server ABAP and ABAP Plat form - versions 700 70 ##1 70 ##2 71 ##0 71 ##1 73 ##0 73 ##1 74 ##0 750 75 ##1 75 ##2 75 ##3 75 ##4 75 ##5 75 ##6 . [SEP]
LIME (words)A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700 701 702 710 711 730 731 740 750 751 752 753 754 755 756.
SHAP (words)A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700 701 702 710 711 730 731 740 750 751 752 753 754 755 756
#2 · cve_id CVE-2021-40046 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)PCManager ▁versions ▁11 . 1 . 1 . 95 ▁has ▁a ▁privilege escalation ▁vulnerability . Successful ▁exploit ▁could ▁allow ▁the ▁attacker ▁to ▁access ▁certain ▁resource ▁beyond ▁its ▁privilege . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)PCManager versions 11.1.1.95 has a privilege escalation vulnerability. Successful exploit could allow the attacker to access certain resource beyond its privilege.
SHAP (words)PCManager versions 11. 1. 1. 95 has a privilege escalation vulnerability. Successful exploit could allow the attacker to access certain resource beyond its privilege
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] PCManager versions 11 . 1 . 1 . 95 has a privilege escalation vulnerability . Successful exploit could allow the attacker to access certain resource beyond its privilege . [SEP]
LRP (+Pred, pos-only)[CLS] PCManager versions 11 . 1 . 1 . 95 has a privilege escalation vulnerability . Successful exploit could allow the attacker to access certain resource beyond its privilege . [SEP]
LIME (words)PCManager versions 11.1.1.95 has a privilege escalation vulnerability. Successful exploit could allow the attacker to access certain resource beyond its privilege.
SHAP (words)PCManager versions 11. 1. 1. 95 has a privilege escalation vulnerability. Successful exploit could allow the attacker to access certain resource beyond its privilege
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] PCManager versions 11 . 1 . 1 . 95 has a privilege escalation vulnerability . Successful exploit could allow the attacker to access certain resource beyond its privilege . [SEP]
LRP (+Pred, pos-only)[CLS] PCManager versions 11 . 1 . 1 . 95 has a privilege escalation vulnerability . Successful exploit could allow the attacker to access certain resource beyond its privilege . [SEP]
LIME (words)PCManager versions 11.1.1.95 has a privilege escalation vulnerability. Successful exploit could allow the attacker to access certain resource beyond its privilege.
SHAP (words)PCManager versions 11. 1. 1. 95 has a privilege escalation vulnerability. Successful exploit could allow the attacker to access certain resource beyond its privilege
#3 · cve_id CVE-2021-31761 · ui
GT=REQUIRED (1)
xlnet · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Webmin ▁1 . 97 3 ▁is ▁affected ▁by ▁reflected ▁Cross ▁Site Scripting ▁ ( XSS ▁ ) ▁to ▁achieve Remote ▁Command Execution ▁through Webmin ▁ ' s ▁running ▁process ▁feature . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature.
SHAP (words)Webmin 1. 973 is affected by reflected Cross Site Scripting ( XSS) to achieve Remote Command Execution through Webmin' s running process feature
lrp-bert · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Webmin 1 . 97 ##3 is affected by reflected Cross S ite Scripting ( XSS ) to achieve Remote Command Execution through Webmin ' s running process feature . [SEP]
LRP (+Pred, pos-only)[CLS] Webmin 1 . 97 ##3 is affected by reflected Cross S ite Scripting ( XSS ) to achieve Remote Command Execution through Webmin ' s running process feature . [SEP]
LIME (words)Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature.
SHAP (words)Webmin 1. 973 is affected by reflected Cross Site Scripting ( XSS) to achieve Remote Command Execution through Webmin' s running process feature
lrp-distilbert · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Webmin 1 . 97 ##3 is affected by reflected Cross S ite Scripting ( XSS ) to achieve Remote Command Execution through Webmin ' s running process feature . [SEP]
LRP (+Pred, pos-only)[CLS] Webmin 1 . 97 ##3 is affected by reflected Cross S ite Scripting ( XSS ) to achieve Remote Command Execution through Webmin ' s running process feature . [SEP]
LIME (words)Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature.
SHAP (words)Webmin 1. 973 is affected by reflected Cross Site Scripting ( XSS) to achieve Remote Command Execution through Webmin' s running process feature
#4 · cve_id CVE-2022-41745 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁An Out-of-Bounds ▁access ▁vulnerability ▁in Trend ▁Micro Apex ▁One ▁could ▁allow ▁a ▁local ▁attacker ▁to ▁create ▁a spec ▁ i ally ▁crafted ▁message ▁to ▁cause ▁memory ▁corruption ▁on ▁a ▁certain ▁service ▁process ▁which ▁could ▁lead ▁to ▁local ▁privilege escalation ▁on ▁affected ▁installations . ▁Please ▁note : ▁an ▁attacker ▁must ▁first ▁obtain ▁the ▁ability ▁to ▁execute low-privileged ▁code ▁on ▁the ▁target ▁system ▁in ▁order ▁to ▁exploit ▁this ▁vulnerability . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
SHAP (words)An Out- of- Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low- privileged code on the target system in order to exploit this vulnerability
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a spec i ##ally crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations . Please note : an attacker must first obtain the ability to exec u ##te low-privileged code on the tar get system in order to exploit this vulnerability . [SEP]
LRP (+Pred, pos-only)[CLS] An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a spec i ##ally crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations . Please note : an attacker must first obtain the ability to exec u ##te low-privileged code on the tar get system in order to exploit this vulnerability . [SEP]
LIME (words)An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
SHAP (words)An Out- of- Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low- privileged code on the target system in order to exploit this vulnerability
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a spec i ##ally crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations . Please note : an attacker must first obtain the ability to exec u ##te low-privileged code on the tar get system in order to exploit this vulnerability . [SEP]
LRP (+Pred, pos-only)[CLS] An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a spec i ##ally crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations . Please note : an attacker must first obtain the ability to exec u ##te low-privileged code on the tar get system in order to exploit this vulnerability . [SEP]
LIME (words)An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
SHAP (words)An Out- of- Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low- privileged code on the target system in order to exploit this vulnerability
#5 · cve_id CVE-2020-15470 · ui
GT=REQUIRED (1)
xlnet · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)ffjpeg ▁through ▁2020 - 02 - 24 ▁has ▁a heap-based ▁buffer overflow ▁in ▁ j f if _ decode ▁in ▁ j f if . c . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_decode in jfif.c.
SHAP (words)ffjpeg through 2020- 02- 24 has a heap- based buffer overflow in jfif_decode in jfif. c
lrp-bert · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] ffjpeg through 2020 - 02 - 24 has a heap-based buffer overflow in j ##fi ##f _ decode in j ##fi ##f . c . [SEP]
LRP (+Pred, pos-only)[CLS] ffjpeg through 2020 - 02 - 24 has a heap-based buffer overflow in j ##fi ##f _ decode in j ##fi ##f . c . [SEP]
LIME (words)ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_decode in jfif.c.
SHAP (words)ffjpeg through 2020- 02- 24 has a heap- based buffer overflow in jfif_decode in jfif. c
lrp-distilbert · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] ffjpeg through 2020 - 02 - 24 has a heap-based buffer overflow in j ##fi ##f _ decode in j ##fi ##f . c . [SEP]
LRP (+Pred, pos-only)[CLS] ffjpeg through 2020 - 02 - 24 has a heap-based buffer overflow in j ##fi ##f _ decode in j ##fi ##f . c . [SEP]
LIME (words)ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_decode in jfif.c.
SHAP (words)ffjpeg through 2020- 02- 24 has a heap- based buffer overflow in jfif_decode in jfif. c
#6 · cve_id CVE-2021-30134 · ui
GT=REQUIRED (1)
xlnet · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁ php - mod / c url ▁ ( a wrapper ▁of ▁the PHP cURL ▁extension ) ▁before ▁2 . 3 . 2 ▁allows XSS ▁via ▁the ▁post _ file _ path _ upload ▁ . php ▁key param ▁ eter ▁and ▁the POST ▁data ▁to ▁post _ multi dimensional . php . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php.
SHAP (words)php- mod/ curl ( a wrapper of the PHP cURL extension) before 2. 3. 2 allows XSS via the post_file_path_upload. php key parameter and the POST data to post_multidimensional. php
lrp-bert · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] php - mod / c url ( a wrapper of the PHP cURL extension ) before 2 . 3 . 2 allows XSS via the post _ file _ path _ upload . php key param et ##er and the POST data to post _ multi ##di ##men ##sional . php . [SEP]
LRP (+Pred, pos-only)[CLS] php - mod / c url ( a wrapper of the PHP cURL extension ) before 2 . 3 . 2 allows XSS via the post _ file _ path _ upload . php key param et ##er and the POST data to post _ multi ##di ##men ##sional . php . [SEP]
LIME (words)php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php.
SHAP (words)php- mod/ curl ( a wrapper of the PHP cURL extension) before 2. 3. 2 allows XSS via the post_file_path_upload. php key parameter and the POST data to post_multidimensional. php
lrp-distilbert · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] php - mod / c url ( a wrapper of the PHP cURL extension ) before 2 . 3 . 2 allows XSS via the post _ file _ path _ upload . php key param et ##er and the POST data to post _ multi ##di ##men ##sional . php . [SEP]
LRP (+Pred, pos-only)[CLS] php - mod / c url ( a wrapper of the PHP cURL extension ) before 2 . 3 . 2 allows XSS via the post _ file _ path _ upload . php key param et ##er and the POST data to post _ multi ##di ##men ##sional . php . [SEP]
LIME (words)php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php.
SHAP (words)php- mod/ curl ( a wrapper of the PHP cURL extension) before 2. 3. 2 allows XSS via the post_file_path_upload. php key parameter and the POST data to post_multidimensional. php
#7 · cve_id CVE-2021-24494 · ui
GT=REQUIRED (1)
xlnet · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁The ▁ WP ▁Off load ▁SE S ▁ Lite WordPress plugin ▁before ▁1 . 4 . 5 ▁did ▁not ▁ e sc ▁a pe ▁some ▁of ▁the ▁fields ▁in ▁the Activity ▁page ▁of ▁the admin dashboard ▁such ▁as ▁the ▁email ' s ▁ id ▁subject ▁and ▁recipient ▁which ▁could ▁lead ▁to Stored Cross-Site Scripting ▁issues ▁when ▁an ▁attacker ▁can ▁control ▁any ▁of ▁these ▁fields ▁like ▁the ▁subject ▁when ▁filling ▁a ▁contact ▁form ▁for ▁example . ▁The XSS ▁will ▁be ▁executed ▁in ▁the ▁context ▁of ▁a ▁logged ▁in admin ▁viewing ▁the Activity ▁tab ▁of ▁the plugin ▁ . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape some of the fields in the Activity page of the admin dashboard such as the email's id subject and recipient which could lead to Stored Cross-Site Scripting issues when an attacker can control any of these fields like the subject when filling a contact form for example. The XSS will be executed in the context of a logged in admin viewing the Activity tab of the plugin.
SHAP (words)The WP Offload SES Lite WordPress plugin before 1. 4. 5 did not escape some of the fields in the Activity page of the admin dashboard such as the email' s id subject and recipient which could lead to Stored Cross- Site Scripting issues when an attacker can control any of these fields like the subject when filling a contact form for example. The XSS will be executed in the context of a logged in admin viewing the Activity tab of the plugin
lrp-bert · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] The WP Off ##load S ES Lite WordPress plugin before 1 . 4 . 5 did not e sc a ##pe some of the fields in the Activity page of the admin dashboard such as the email ' s id subject and re ##c ip i ##ent which could lead to Stored Cross-Site Scripting issues when an attacker can control any of these fields like the subject when filling a contact form for example . The XSS will be exec u ##ted in the context of a logged in admin viewing the Activity tab of the plugin . [SEP]
LRP (+Pred, pos-only)[CLS] The WP Off ##load S ES Lite WordPress plugin before 1 . 4 . 5 did not e sc a ##pe some of the fields in the Activity page of the admin dashboard such as the email ' s id subject and re ##c ip i ##ent which could lead to Stored Cross-Site Scripting issues when an attacker can control any of these fields like the subject when filling a contact form for example . The XSS will be exec u ##ted in the context of a logged in admin viewing the Activity tab of the plugin . [SEP]
LIME (words)The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape some of the fields in the Activity page of the admin dashboard such as the email's id subject and recipient which could lead to Stored Cross-Site Scripting issues when an attacker can control any of these fields like the subject when filling a contact form for example. The XSS will be executed in the context of a logged in admin viewing the Activity tab of the plugin.
SHAP (words)The WP Offload SES Lite WordPress plugin before 1. 4. 5 did not escape some of the fields in the Activity page of the admin dashboard such as the email' s id subject and recipient which could lead to Stored Cross- Site Scripting issues when an attacker can control any of these fields like the subject when filling a contact form for example. The XSS will be executed in the context of a logged in admin viewing the Activity tab of the plugin
lrp-distilbert · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] The WP Off ##load S ES Lite WordPress plugin before 1 . 4 . 5 did not e sc a ##pe some of the fields in the Activity page of the admin dashboard such as the email ' s id subject and re ##c ip i ##ent which could lead to Stored Cross-Site Scripting issues when an attacker can control any of these fields like the subject when filling a contact form for example . The XSS will be exec u ##ted in the context of a logged in admin viewing the Activity tab of the plugin . [SEP]
LRP (+Pred, pos-only)[CLS] The WP Off ##load S ES Lite WordPress plugin before 1 . 4 . 5 did not e sc a ##pe some of the fields in the Activity page of the admin dashboard such as the email ' s id subject and re ##c ip i ##ent which could lead to Stored Cross-Site Scripting issues when an attacker can control any of these fields like the subject when filling a contact form for example . The XSS will be exec u ##ted in the context of a logged in admin viewing the Activity tab of the plugin . [SEP]
LIME (words)The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape some of the fields in the Activity page of the admin dashboard such as the email's id subject and recipient which could lead to Stored Cross-Site Scripting issues when an attacker can control any of these fields like the subject when filling a contact form for example. The XSS will be executed in the context of a logged in admin viewing the Activity tab of the plugin.
SHAP (words)The WP Offload SES Lite WordPress plugin before 1. 4. 5 did not escape some of the fields in the Activity page of the admin dashboard such as the email' s id subject and recipient which could lead to Stored Cross- Site Scripting issues when an attacker can control any of these fields like the subject when filling a contact form for example. The XSS will be executed in the context of a logged in admin viewing the Activity tab of the plugin
#8 · cve_id CVE-2015-10042 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁ ** UNSUPPORTED WHEN ASSIGNED ▁ ** ▁A ▁vulnerability ▁ cla ssi ▁ fi ed ▁as ▁critical ▁was ▁found ▁in ▁D ov ga ly uk ▁A I Battle . Affected ▁by ▁this ▁vulnerability ▁is ▁the ▁function ▁register User ▁of ▁the ▁file ▁site / pro ced ures . php . ▁The ▁manipulation ▁of ▁the ▁argument ▁post Login ▁leads ▁to sql inject ▁ ion . ▁The identifier ▁of ▁the ▁patch ▁is ▁4 48 e 98 80 aac ▁18 ae 78 32 f 8 d 06 5 e 03 e 46 ce 0 f 1 d 3 e 3 . ▁It ▁is ▁recommended ▁to ▁apply ▁a ▁patch ▁to ▁fix ▁this ▁issue . ▁The identifier ▁V DB - 21 83 05 ▁was ▁a ssi ▁ gne d ▁to ▁this ▁vulnerability . NOT ▁E : ▁This ▁vulnerability ▁only ▁affects ▁products ▁that ▁are ▁no ▁longer ▁supported ▁by ▁the maintainer ▁ . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in Dovgalyuk AIBattle. Affected by this vulnerability is the function registerUser of the file site/procedures.php. The manipulation of the argument postLogin leads to sql injection. The identifier of the patch is 448e9880aac18ae7832f8d065e03e46ce0f1d3e3. It is recommended to apply a patch to fix this issue. The identifier VDB-218305 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
SHAP (words)** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in Dovgalyuk AIBattle. Affected by this vulnerability is the function registerUser of the file site/ procedures. php. The manipulation of the argument postLogin leads to sql injection. The identifier of the patch is 448e9880aac18ae7832f8d065e03e46ce0f1d3e3. It is recommended to apply a patch to fix this issue. The identifier VDB- 218305 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] * * UNSUPPORTED WHEN ASSIGNED * * A vulnerability c ##la ssi fi ##ed as critical was found in Do ##v ##gal ##yu ##k AI ##B ##att ##le . Affected by this vulnerability is the function register User of the file s ite / procedures . php . The man ip ul ##ation of the argument post Login leads to sql inject ion . The identifier of the patch is 44 ##8 ##e ##9 ##8 ##80 aac 18 ##ae ##7 ##8 ##32 ##f ##8 ##d ##0 ##65 ##e ##0 ##3 ##e ##46 ##ce ##0 ##f ##1 ##d ##3 ##e ##3 . It is recommended to apply a patch to fix this issue . The identifier V ##D ##B - 218 ##30 ##5 was a ssi g ##ned to this vulnerability . NOT E : This vulnerability only affects products that are no longer supported by the maintainer . [SEP]
LRP (+Pred, pos-only)[CLS] * * UNSUPPORTED WHEN ASSIGNED * * A vulnerability c ##la ssi fi ##ed as critical was found in Do ##v ##gal ##yu ##k AI ##B ##att ##le . Affected by this vulnerability is the function register User of the file s ite / procedures . php . The man ip ul ##ation of the argument post Login leads to sql inject ion . The identifier of the patch is 44 ##8 ##e ##9 ##8 ##80 aac 18 ##ae ##7 ##8 ##32 ##f ##8 ##d ##0 ##65 ##e ##0 ##3 ##e ##46 ##ce ##0 ##f ##1 ##d ##3 ##e ##3 . It is recommended to apply a patch to fix this issue . The identifier V ##D ##B - 218 ##30 ##5 was a ssi g ##ned to this vulnerability . NOT E : This vulnerability only affects products that are no longer supported by the maintainer . [SEP]
LIME (words)** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in Dovgalyuk AIBattle. Affected by this vulnerability is the function registerUser of the file site/procedures.php. The manipulation of the argument postLogin leads to sql injection. The identifier of the patch is 448e9880aac18ae7832f8d065e03e46ce0f1d3e3. It is recommended to apply a patch to fix this issue. The identifier VDB-218305 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
SHAP (words)** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in Dovgalyuk AIBattle. Affected by this vulnerability is the function registerUser of the file site/ procedures. php. The manipulation of the argument postLogin leads to sql injection. The identifier of the patch is 448e9880aac18ae7832f8d065e03e46ce0f1d3e3. It is recommended to apply a patch to fix this issue. The identifier VDB- 218305 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] * * UNSUPPORTED WHEN ASSIGNED * * A vulnerability c ##la ssi fi ##ed as critical was found in Do ##v ##gal ##yu ##k AI ##B ##att ##le . Affected by this vulnerability is the function register User of the file s ite / procedures . php . The man ip ul ##ation of the argument post Login leads to sql inject ion . The identifier of the patch is 44 ##8 ##e ##9 ##8 ##80 aac 18 ##ae ##7 ##8 ##32 ##f ##8 ##d ##0 ##65 ##e ##0 ##3 ##e ##46 ##ce ##0 ##f ##1 ##d ##3 ##e ##3 . It is recommended to apply a patch to fix this issue . The identifier V ##D ##B - 218 ##30 ##5 was a ssi g ##ned to this vulnerability . NOT E : This vulnerability only affects products that are no longer supported by the maintainer . [SEP]
LRP (+Pred, pos-only)[CLS] * * UNSUPPORTED WHEN ASSIGNED * * A vulnerability c ##la ssi fi ##ed as critical was found in Do ##v ##gal ##yu ##k AI ##B ##att ##le . Affected by this vulnerability is the function register User of the file s ite / procedures . php . The man ip ul ##ation of the argument post Login leads to sql inject ion . The identifier of the patch is 44 ##8 ##e ##9 ##8 ##80 aac 18 ##ae ##7 ##8 ##32 ##f ##8 ##d ##0 ##65 ##e ##0 ##3 ##e ##46 ##ce ##0 ##f ##1 ##d ##3 ##e ##3 . It is recommended to apply a patch to fix this issue . The identifier V ##D ##B - 218 ##30 ##5 was a ssi g ##ned to this vulnerability . NOT E : This vulnerability only affects products that are no longer supported by the maintainer . [SEP]
LIME (words)** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in Dovgalyuk AIBattle. Affected by this vulnerability is the function registerUser of the file site/procedures.php. The manipulation of the argument postLogin leads to sql injection. The identifier of the patch is 448e9880aac18ae7832f8d065e03e46ce0f1d3e3. It is recommended to apply a patch to fix this issue. The identifier VDB-218305 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
SHAP (words)** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in Dovgalyuk AIBattle. Affected by this vulnerability is the function registerUser of the file site/ procedures. php. The manipulation of the argument postLogin leads to sql injection. The identifier of the patch is 448e9880aac18ae7832f8d065e03e46ce0f1d3e3. It is recommended to apply a patch to fix this issue. The identifier VDB- 218305 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
#9 · cve_id CVE-2021-28124 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁A man-in-the-middle ▁vulnerability ▁in ▁Co he s ity ▁Data Plat ▁form ▁support ▁channel ▁in ▁version ▁6 . 3 ▁up ▁to ▁6 . 3 . 1 g ▁6 . 4 ▁up ▁to ▁6 . 4 . 1 c ▁and ▁6 . 5 . 1 ▁through ▁6 . 5 . 1 b . ▁Mi ssi ▁ ng ▁server authentication ▁in ▁impacted ▁versions ▁can ▁allow ▁an ▁attacker ▁to Man-in-the-middle ▁ ( MITM ▁ ) ▁support ▁channel UI ▁ se ssi ▁on ▁to ▁Co he s ity ▁Data Plat ▁form ▁cluster . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6.3.1g 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. Missing server authentication in impacted versions can allow an attacker to Man-in-the-middle (MITM) support channel UI session to Cohesity DataPlatform cluster.
SHAP (words)A man- in- the- middle vulnerability in Cohesity DataPlatform support channel in version 6. 3 up to 6. 3. 1g 6. 4 up to 6. 4. 1c and 6. 5. 1 through 6. 5. 1b. Missing server authentication in impacted versions can allow an attacker to Man- in- the- middle ( MITM) support channel UI session to Cohesity DataPlatform cluster
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A man-in-the-middle vulnerability in Co ##hes ##ity Data Plat form support channel in version 6 . 3 up to 6 . 3 . 1 ##g 6 . 4 up to 6 . 4 . 1 ##c and 6 . 5 . 1 through 6 . 5 . 1 ##b . Mi ssi ng server authentication in impacted versions can allow an attacker to Man-in-the-middle ( MITM ) support channel UI se ssi on to Co ##hes ##ity Data Plat form cluster . [SEP]
LRP (+Pred, pos-only)[CLS] A man-in-the-middle vulnerability in Co ##hes ##ity Data Plat form support channel in version 6 . 3 up to 6 . 3 . 1 ##g 6 . 4 up to 6 . 4 . 1 ##c and 6 . 5 . 1 through 6 . 5 . 1 ##b . Mi ssi ng server authentication in impacted versions can allow an attacker to Man-in-the-middle ( MITM ) support channel UI se ssi on to Co ##hes ##ity Data Plat form cluster . [SEP]
LIME (words)A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6.3.1g 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. Missing server authentication in impacted versions can allow an attacker to Man-in-the-middle (MITM) support channel UI session to Cohesity DataPlatform cluster.
SHAP (words)A man- in- the- middle vulnerability in Cohesity DataPlatform support channel in version 6. 3 up to 6. 3. 1g 6. 4 up to 6. 4. 1c and 6. 5. 1 through 6. 5. 1b. Missing server authentication in impacted versions can allow an attacker to Man- in- the- middle ( MITM) support channel UI session to Cohesity DataPlatform cluster
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A man-in-the-middle vulnerability in Co ##hes ##ity Data Plat form support channel in version 6 . 3 up to 6 . 3 . 1 ##g 6 . 4 up to 6 . 4 . 1 ##c and 6 . 5 . 1 through 6 . 5 . 1 ##b . Mi ssi ng server authentication in impacted versions can allow an attacker to Man-in-the-middle ( MITM ) support channel UI se ssi on to Co ##hes ##ity Data Plat form cluster . [SEP]
LRP (+Pred, pos-only)[CLS] A man-in-the-middle vulnerability in Co ##hes ##ity Data Plat form support channel in version 6 . 3 up to 6 . 3 . 1 ##g 6 . 4 up to 6 . 4 . 1 ##c and 6 . 5 . 1 through 6 . 5 . 1 ##b . Mi ssi ng server authentication in impacted versions can allow an attacker to Man-in-the-middle ( MITM ) support channel UI se ssi on to Co ##hes ##ity Data Plat form cluster . [SEP]
LIME (words)A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6.3.1g 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. Missing server authentication in impacted versions can allow an attacker to Man-in-the-middle (MITM) support channel UI session to Cohesity DataPlatform cluster.
SHAP (words)A man- in- the- middle vulnerability in Cohesity DataPlatform support channel in version 6. 3 up to 6. 3. 1g 6. 4 up to 6. 4. 1c and 6. 5. 1 through 6. 5. 1b. Missing server authentication in impacted versions can allow an attacker to Man- in- the- middle ( MITM) support channel UI session to Cohesity DataPlatform cluster
#10 · cve_id CVE-2021-33175 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁E MQ ▁X Broker ▁versions ▁prior ▁to ▁4 . 2 . 8 ▁are ▁vulnerable ▁to ▁a ▁denial ▁of ▁service ▁attack ▁as ▁a ▁result ▁of ▁ex ce ssi ▁ ve ▁memory ▁consumption ▁due ▁to ▁the ▁handling ▁of untrusted ▁input s . ▁These ▁input s ▁cause ▁the ▁message ▁broker ▁to ▁consume ▁large ▁amounts ▁of ▁memory ▁resulting ▁in ▁the ▁application ▁being ▁terminated ▁by ▁the ▁operating ▁system . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory resulting in the application being terminated by the operating system.
SHAP (words)EMQ X Broker versions prior to 4. 2. 8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory resulting in the application being terminated by the operating system
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] EM Q X Broker versions prior to 4 . 2 . 8 are vulnerable to a denial of service attack as a result of ex ##ce ssi ve memory consumption due to the handling of untrusted inputs . These inputs cause the message broker to consume large amounts of memory resulting in the application being terminated by the operating system . [SEP]
LRP (+Pred, pos-only)[CLS] EM Q X Broker versions prior to 4 . 2 . 8 are vulnerable to a denial of service attack as a result of ex ##ce ssi ve memory consumption due to the handling of untrusted inputs . These inputs cause the message broker to consume large amounts of memory resulting in the application being terminated by the operating system . [SEP]
LIME (words)EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory resulting in the application being terminated by the operating system.
SHAP (words)EMQ X Broker versions prior to 4. 2. 8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory resulting in the application being terminated by the operating system
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] EM Q X Broker versions prior to 4 . 2 . 8 are vulnerable to a denial of service attack as a result of ex ##ce ssi ve memory consumption due to the handling of untrusted inputs . These inputs cause the message broker to consume large amounts of memory resulting in the application being terminated by the operating system . [SEP]
LRP (+Pred, pos-only)[CLS] EM Q X Broker versions prior to 4 . 2 . 8 are vulnerable to a denial of service attack as a result of ex ##ce ssi ve memory consumption due to the handling of untrusted inputs . These inputs cause the message broker to consume large amounts of memory resulting in the application being terminated by the operating system . [SEP]
LIME (words)EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory resulting in the application being terminated by the operating system.
SHAP (words)EMQ X Broker versions prior to 4. 2. 8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory resulting in the application being terminated by the operating system
#11 · cve_id CVE-2021-28683 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁An ▁issue ▁was ▁di sc ▁over ed ▁in Envoy ▁through ▁1 . 71 . 1 . ▁There ▁is ▁a ▁remotely exploitable NULL ▁ pointer dereference ▁and ▁crash ▁in TLS ▁when ▁an ▁unknown TLS ▁alert ▁code ▁is ▁received . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.
SHAP (words)An issue was discovered in Envoy through 1. 71. 1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An issue was di sc over ##ed in Envoy through 1 . 71 . 1 . There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received . [SEP]
LRP (+Pred, pos-only)[CLS] An issue was di sc over ##ed in Envoy through 1 . 71 . 1 . There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received . [SEP]
LIME (words)An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.
SHAP (words)An issue was discovered in Envoy through 1. 71. 1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An issue was di sc over ##ed in Envoy through 1 . 71 . 1 . There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received . [SEP]
LRP (+Pred, pos-only)[CLS] An issue was di sc over ##ed in Envoy through 1 . 71 . 1 . There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received . [SEP]
LIME (words)An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.
SHAP (words)An issue was discovered in Envoy through 1. 71. 1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received
#12 · cve_id CVE-2023-0103 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁If ▁an ▁attacker ▁were ▁to ▁access ▁memory ▁locations ▁of ▁ LS ▁ EL ECT RIC ▁X BC - DN 32 U ▁with ▁operating ▁system ▁version ▁ 01 . 80 ▁that ▁are ▁out sid ▁ e ▁of ▁the ▁communication ▁buffer ▁the ▁device ▁stops ▁operating . ▁This ▁could ▁allow ▁an ▁attacker ▁to ▁cause ▁a denial-of-service ▁condition . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)If an attacker were to access memory locations of LS ELECTRIC XBC-DN32U with operating system version 01.80 that are outside of the communication buffer the device stops operating. This could allow an attacker to cause a denial-of-service condition.
SHAP (words)If an attacker were to access memory locations of LS ELECTRIC XBC- DN32U with operating system version 01. 80 that are outside of the communication buffer the device stops operating. This could allow an attacker to cause a denial- of- service condition
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] If an attacker were to access memory locations of L ##S EL EC ##TR ##IC X ##BC - DN 32 ##U with operating system version 01 . 80 that are out sid e of the communication buffer the dev ice stops operating . This could allow an attacker to cause a denial-of-service condition . [SEP]
LRP (+Pred, pos-only)[CLS] If an attacker were to access memory locations of L ##S EL EC ##TR ##IC X ##BC - DN 32 ##U with operating system version 01 . 80 that are out sid e of the communication buffer the dev ice stops operating . This could allow an attacker to cause a denial-of-service condition . [SEP]
LIME (words)If an attacker were to access memory locations of LS ELECTRIC XBC-DN32U with operating system version 01.80 that are outside of the communication buffer the device stops operating. This could allow an attacker to cause a denial-of-service condition.
SHAP (words)If an attacker were to access memory locations of LS ELECTRIC XBC- DN32U with operating system version 01. 80 that are outside of the communication buffer the device stops operating. This could allow an attacker to cause a denial- of- service condition
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] If an attacker were to access memory locations of L ##S EL EC ##TR ##IC X ##BC - DN 32 ##U with operating system version 01 . 80 that are out sid e of the communication buffer the dev ice stops operating . This could allow an attacker to cause a denial-of-service condition . [SEP]
LRP (+Pred, pos-only)[CLS] If an attacker were to access memory locations of L ##S EL EC ##TR ##IC X ##BC - DN 32 ##U with operating system version 01 . 80 that are out sid e of the communication buffer the dev ice stops operating . This could allow an attacker to cause a denial-of-service condition . [SEP]
LIME (words)If an attacker were to access memory locations of LS ELECTRIC XBC-DN32U with operating system version 01.80 that are outside of the communication buffer the device stops operating. This could allow an attacker to cause a denial-of-service condition.
SHAP (words)If an attacker were to access memory locations of LS ELECTRIC XBC- DN32U with operating system version 01. 80 that are outside of the communication buffer the device stops operating. This could allow an attacker to cause a denial- of- service condition
#13 · cve_id CVE-2021-22774 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁A ▁C WE - 75 9 : ▁Use ▁of ▁a ▁One - Way Hash ▁without ▁a ▁Salt ▁vulnerability ▁exists ▁in ▁ EV link ▁City ▁ ( EV C 1 S 22 P 4 ▁ / ▁E VC 1 S 7 P 4 ▁all ▁versions ▁prior ▁to ▁R 8 ▁V 3 . 4 . 0 . 1 ) ▁ EV link ▁Park ing ▁ ( EV W 2 ▁ / ▁E VF 2 ▁ / ▁ EV . 2 ▁all ▁versions ▁prior ▁to ▁R 8 ▁V 3 . 4 . 0 . 1 ) ▁and ▁ EV link ▁Smart ▁Wall box ▁ ( EV B 1 A ▁all ▁versions ▁prior ▁to ▁R 8 ▁V 3 . 4 . 0 . 1 ▁ ) ▁that ▁could ▁lead ▁an ▁attacker ▁to ▁get ▁knowledge ▁of ▁charging ▁station ▁user ▁account credential ▁ s ▁using ▁dictionary ▁attacks ▁techniques . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1) EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1) and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could lead an attacker to get knowledge of charging station user account credentials using dictionary attacks techniques.
SHAP (words)A CWE- 759: Use of a One- Way Hash without a Salt vulnerability exists in EVlink City ( EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3. 4. 0. 1) EVlink Parking ( EVW2 / EVF2 / EV. 2 all versions prior to R8 V3. 4. 0. 1) and EVlink Smart Wallbox ( EVB1A all versions prior to R8 V3. 4. 0. 1 ) that could lead an attacker to get knowledge of charging station user account credentials using dictionary attacks techniques
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A CW ##E - 75 ##9 : Use of a One - Way Hash without a Salt vulnerability exists in E ##V ##link City ( E ##VC ##1 ##S ##22 ##P ##4 / E ##VC ##1 ##S ##7 ##P ##4 all versions prior to R ##8 V ##3 . 4 . 0 . 1 ) E ##V ##link Park ##ing ( E ##V ##W ##2 / E ##V ##F ##2 / E ##V . 2 all versions prior to R ##8 V ##3 . 4 . 0 . 1 ) and E ##V ##link Smart Wall ##box ( E ##VB ##1 ##A all versions prior to R ##8 V ##3 . 4 . 0 . 1 ) that could lead an attacker to get knowledge of char g ##ing station user account credential s using dictionary attacks techniques . [SEP]
LRP (+Pred, pos-only)[CLS] A CW ##E - 75 ##9 : Use of a One - Way Hash without a Salt vulnerability exists in E ##V ##link City ( E ##VC ##1 ##S ##22 ##P ##4 / E ##VC ##1 ##S ##7 ##P ##4 all versions prior to R ##8 V ##3 . 4 . 0 . 1 ) E ##V ##link Park ##ing ( E ##V ##W ##2 / E ##V ##F ##2 / E ##V . 2 all versions prior to R ##8 V ##3 . 4 . 0 . 1 ) and E ##V ##link Smart Wall ##box ( E ##VB ##1 ##A all versions prior to R ##8 V ##3 . 4 . 0 . 1 ) that could lead an attacker to get knowledge of char g ##ing station user account credential s using dictionary attacks techniques . [SEP]
LIME (words)A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1) EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1) and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could lead an attacker to get knowledge of charging station user account credentials using dictionary attacks techniques.
SHAP (words)A CWE- 759: Use of a One- Way Hash without a Salt vulnerability exists in EVlink City ( EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3. 4. 0. 1) EVlink Parking ( EVW2 / EVF2 / EV. 2 all versions prior to R8 V3. 4. 0. 1) and EVlink Smart Wallbox ( EVB1A all versions prior to R8 V3. 4. 0. 1 ) that could lead an attacker to get knowledge of charging station user account credentials using dictionary attacks techniques
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A CW ##E - 75 ##9 : Use of a One - Way Hash without a Salt vulnerability exists in E ##V ##link City ( E ##VC ##1 ##S ##22 ##P ##4 / E ##VC ##1 ##S ##7 ##P ##4 all versions prior to R ##8 V ##3 . 4 . 0 . 1 ) E ##V ##link Park ##ing ( E ##V ##W ##2 / E ##V ##F ##2 / E ##V . 2 all versions prior to R ##8 V ##3 . 4 . 0 . 1 ) and E ##V ##link Smart Wall ##box ( E ##VB ##1 ##A all versions prior to R ##8 V ##3 . 4 . 0 . 1 ) that could lead an attacker to get knowledge of char g ##ing station user account credential s using dictionary attacks techniques . [SEP]
LRP (+Pred, pos-only)[CLS] A CW ##E - 75 ##9 : Use of a One - Way Hash without a Salt vulnerability exists in E ##V ##link City ( E ##VC ##1 ##S ##22 ##P ##4 / E ##VC ##1 ##S ##7 ##P ##4 all versions prior to R ##8 V ##3 . 4 . 0 . 1 ) E ##V ##link Park ##ing ( E ##V ##W ##2 / E ##V ##F ##2 / E ##V . 2 all versions prior to R ##8 V ##3 . 4 . 0 . 1 ) and E ##V ##link Smart Wall ##box ( E ##VB ##1 ##A all versions prior to R ##8 V ##3 . 4 . 0 . 1 ) that could lead an attacker to get knowledge of char g ##ing station user account credential s using dictionary attacks techniques . [SEP]
LIME (words)A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1) EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1) and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could lead an attacker to get knowledge of charging station user account credentials using dictionary attacks techniques.
SHAP (words)A CWE- 759: Use of a One- Way Hash without a Salt vulnerability exists in EVlink City ( EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3. 4. 0. 1) EVlink Parking ( EVW2 / EVF2 / EV. 2 all versions prior to R8 V3. 4. 0. 1) and EVlink Smart Wallbox ( EVB1A all versions prior to R8 V3. 4. 0. 1 ) that could lead an attacker to get knowledge of charging station user account credentials using dictionary attacks techniques
#14 · cve_id CVE-2022-48223 · ui
GT=REQUIRED (1)
xlnet · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁An ▁issue ▁was ▁di sc ▁over ed ▁in ▁A cu ant ▁A cu Fi ll SDK ▁before ▁10 . 22 . 02 . 03 . ▁During SDK ▁repair ▁ cer t util . ex e ▁is ▁called ▁by ▁the ▁A cu ant installer ▁to ▁repair ▁certificates . ▁This ▁call ▁is ▁vulnerable ▁to DLL hijacking ▁due ▁to ▁a ▁race ▁condition ▁and insecure permissions ▁on ▁the ▁executing ▁directory . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK repair certutil.exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the executing directory.
SHAP (words)An issue was discovered in Acuant AcuFill SDK before 10. 22. 02. 03. During SDK repair certutil. exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the executing directory
lrp-bert · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An issue was di sc over ##ed in A ##cu ##ant A ##cu ##F ##ill SDK before 10 . 22 . 02 . 03 . D uri ng SDK repair c ##ert ##uti ##l . ex ##e is called by the A ##cu ##ant installer to repair certificates . This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the exec u ##ting directory . [SEP]
LRP (+Pred, pos-only)[CLS] An issue was di sc over ##ed in A ##cu ##ant A ##cu ##F ##ill SDK before 10 . 22 . 02 . 03 . D uri ng SDK repair c ##ert ##uti ##l . ex ##e is called by the A ##cu ##ant installer to repair certificates . This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the exec u ##ting directory . [SEP]
LIME (words)An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK repair certutil.exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the executing directory.
SHAP (words)An issue was discovered in Acuant AcuFill SDK before 10. 22. 02. 03. During SDK repair certutil. exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the executing directory
lrp-distilbert · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An issue was di sc over ##ed in A ##cu ##ant A ##cu ##F ##ill SDK before 10 . 22 . 02 . 03 . D uri ng SDK repair c ##ert ##uti ##l . ex ##e is called by the A ##cu ##ant installer to repair certificates . This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the exec u ##ting directory . [SEP]
LRP (+Pred, pos-only)[CLS] An issue was di sc over ##ed in A ##cu ##ant A ##cu ##F ##ill SDK before 10 . 22 . 02 . 03 . D uri ng SDK repair c ##ert ##uti ##l . ex ##e is called by the A ##cu ##ant installer to repair certificates . This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the exec u ##ting directory . [SEP]
LIME (words)An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK repair certutil.exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the executing directory.
SHAP (words)An issue was discovered in Acuant AcuFill SDK before 10. 22. 02. 03. During SDK repair certutil. exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the executing directory
#15 · cve_id CVE-2022-40778 · ui
GT=REQUIRED (1)
xlnet · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁A ▁stored Cross-Site Scripting ▁ ( XSS ▁ ) ▁vulnerability ▁in ▁ OP SW AT Meta Defender ▁I CAP ▁Server ▁before ▁4 . 13 . 0 ▁allows ▁attackers ▁to ▁execute ▁arbitrary JavaScript ▁or HTML ▁because ▁of ▁the ▁blocked ▁page ▁response . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response.
SHAP (words)A stored Cross- Site Scripting ( XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4. 13. 0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response
lrp-bert · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A stored Cross-Site Scripting ( XSS ) vulnerability in O ##P SW AT Meta Defender I ##CA ##P Server before 4 . 13 . 0 allows attackers to exec u ##te arbitrary JavaScript or HTML because of the blocked page response . [SEP]
LRP (+Pred, pos-only)[CLS] A stored Cross-Site Scripting ( XSS ) vulnerability in O ##P SW AT Meta Defender I ##CA ##P Server before 4 . 13 . 0 allows attackers to exec u ##te arbitrary JavaScript or HTML because of the blocked page response . [SEP]
LIME (words)A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response.
SHAP (words)A stored Cross- Site Scripting ( XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4. 13. 0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response
lrp-distilbert · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A stored Cross-Site Scripting ( XSS ) vulnerability in O ##P SW AT Meta Defender I ##CA ##P Server before 4 . 13 . 0 allows attackers to exec u ##te arbitrary JavaScript or HTML because of the blocked page response . [SEP]
LRP (+Pred, pos-only)[CLS] A stored Cross-Site Scripting ( XSS ) vulnerability in O ##P SW AT Meta Defender I ##CA ##P Server before 4 . 13 . 0 allows attackers to exec u ##te arbitrary JavaScript or HTML because of the blocked page response . [SEP]
LIME (words)A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response.
SHAP (words)A stored Cross- Site Scripting ( XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4. 13. 0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response
#16 · cve_id CVE-2020-35551 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁An ▁issue ▁was ▁di sc ▁over ed ▁on ▁Samsung mobi ▁ le ▁devices ▁with ▁O ( 8 . x ) ▁P ( 9 . 0 ) ▁and ▁Q ( 10 . 0 ) ▁ ( Exynos chipset ▁ s ) ▁software . ▁They ▁allow ▁attackers ▁to ▁conduct RPMB ▁state -c ▁hang e ▁attacks ▁because ▁an unauthorized RPMB ▁write ▁operation ▁can ▁be replayed ▁a ▁related ▁issue ▁to CVE ▁ - 20 20 - 1 37 99 . ▁The ▁Samsung ▁ID ▁is ▁ S VE - 20 20 - 18 100 ▁ ( December ▁2020 ) . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)An issue was discovered on Samsung mobile devices with O(8.x) P(9.0) and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed a related issue to CVE-2020-13799. The Samsung ID is SVE-2020-18100 (December 2020).
SHAP (words)An issue was discovered on Samsung mobile devices with O( 8. x) P( 9. 0) and Q( 10. 0) ( Exynos chipsets) software. They allow attackers to conduct RPMB state- change attacks because an unauthorized RPMB write operation can be replayed a related issue to CVE- 2020- 13799. The Samsung ID is SVE- 2020- 18100 ( December 2020
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An issue was di sc over ##ed on Samsung mobi le dev ice ##s with O ( 8 . x ) P ( 9 . 0 ) and Q ( 10 . 0 ) ( Exynos chipset s ) software . They allow attackers to conduct RPMB state -c hang ##e attacks because an unauthorized RPMB w ##r ite operation can be replayed a related issue to CVE - 2020 - 137 ##9 ##9 . The Samsung ID is SV ##E - 2020 - 1810 ##0 ( December 2020 ) . [SEP]
LRP (+Pred, pos-only)[CLS] An issue was di sc over ##ed on Samsung mobi le dev ice ##s with O ( 8 . x ) P ( 9 . 0 ) and Q ( 10 . 0 ) ( Exynos chipset s ) software . They allow attackers to conduct RPMB state -c hang ##e attacks because an unauthorized RPMB w ##r ite operation can be replayed a related issue to CVE - 2020 - 137 ##9 ##9 . The Samsung ID is SV ##E - 2020 - 1810 ##0 ( December 2020 ) . [SEP]
LIME (words)An issue was discovered on Samsung mobile devices with O(8.x) P(9.0) and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed a related issue to CVE-2020-13799. The Samsung ID is SVE-2020-18100 (December 2020).
SHAP (words)An issue was discovered on Samsung mobile devices with O( 8. x) P( 9. 0) and Q( 10. 0) ( Exynos chipsets) software. They allow attackers to conduct RPMB state- change attacks because an unauthorized RPMB write operation can be replayed a related issue to CVE- 2020- 13799. The Samsung ID is SVE- 2020- 18100 ( December 2020
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An issue was di sc over ##ed on Samsung mobi le dev ice ##s with O ( 8 . x ) P ( 9 . 0 ) and Q ( 10 . 0 ) ( Exynos chipset s ) software . They allow attackers to conduct RPMB state -c hang ##e attacks because an unauthorized RPMB w ##r ite operation can be replayed a related issue to CVE - 2020 - 137 ##9 ##9 . The Samsung ID is SV ##E - 2020 - 1810 ##0 ( December 2020 ) . [SEP]
LRP (+Pred, pos-only)[CLS] An issue was di sc over ##ed on Samsung mobi le dev ice ##s with O ( 8 . x ) P ( 9 . 0 ) and Q ( 10 . 0 ) ( Exynos chipset s ) software . They allow attackers to conduct RPMB state -c hang ##e attacks because an unauthorized RPMB w ##r ite operation can be replayed a related issue to CVE - 2020 - 137 ##9 ##9 . The Samsung ID is SV ##E - 2020 - 1810 ##0 ( December 2020 ) . [SEP]
LIME (words)An issue was discovered on Samsung mobile devices with O(8.x) P(9.0) and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed a related issue to CVE-2020-13799. The Samsung ID is SVE-2020-18100 (December 2020).
SHAP (words)An issue was discovered on Samsung mobile devices with O( 8. x) P( 9. 0) and Q( 10. 0) ( Exynos chipsets) software. They allow attackers to conduct RPMB state- change attacks because an unauthorized RPMB write operation can be replayed a related issue to CVE- 2020- 13799. The Samsung ID is SVE- 2020- 18100 ( December 2020
#17 · cve_id CVE-2022-44256 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)TOTOLINK ▁ LR 350 ▁V 9 . 3 . 5 u . 63 69 _ B 20 22 03 09 ▁contains ▁a post-authentication ▁buffer overflow ▁via param ▁ eter ▁ lang ▁in ▁the ▁set L an gu age C f g ▁function . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function.
SHAP (words)TOTOLINK LR350 V9. 3. 5u. 6369_B20220309 contains a post- authentication buffer overflow via parameter lang in the setLanguageCfg function
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] TOTOLINK L ##R ##35 ##0 V ##9 . 3 . 5 ##u . 63 ##6 ##9 _ B ##20 ##22 ##0 ##30 ##9 contains a post-authentication buffer overflow via param et ##er lang in the set ##L ##ang ##ua ##ge ##C ##f ##g function . [SEP]
LRP (+Pred, pos-only)[CLS] TOTOLINK L ##R ##35 ##0 V ##9 . 3 . 5 ##u . 63 ##6 ##9 _ B ##20 ##22 ##0 ##30 ##9 contains a post-authentication buffer overflow via param et ##er lang in the set ##L ##ang ##ua ##ge ##C ##f ##g function . [SEP]
LIME (words)TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function.
SHAP (words)TOTOLINK LR350 V9. 3. 5u. 6369_B20220309 contains a post- authentication buffer overflow via parameter lang in the setLanguageCfg function
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] TOTOLINK L ##R ##35 ##0 V ##9 . 3 . 5 ##u . 63 ##6 ##9 _ B ##20 ##22 ##0 ##30 ##9 contains a post-authentication buffer overflow via param et ##er lang in the set ##L ##ang ##ua ##ge ##C ##f ##g function . [SEP]
LRP (+Pred, pos-only)[CLS] TOTOLINK L ##R ##35 ##0 V ##9 . 3 . 5 ##u . 63 ##6 ##9 _ B ##20 ##22 ##0 ##30 ##9 contains a post-authentication buffer overflow via param et ##er lang in the set ##L ##ang ##ua ##ge ##C ##f ##g function . [SEP]
LIME (words)TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function.
SHAP (words)TOTOLINK LR350 V9. 3. 5u. 6369_B20220309 contains a post- authentication buffer overflow via parameter lang in the setLanguageCfg function
#18 · cve_id CVE-2022-40503 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁In for matio ▁ n ▁di sc ▁ los ure ▁due ▁to ▁buffer over-read ▁in Bluetooth ▁Host ▁while ▁A 2 DP ▁streaming . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.
SHAP (words)Information disclosure due to buffer over- read in Bluetooth Host while A2DP streaming
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In ##fo ##r matio n di sc los ##ure due to buffer over-read in Bluetooth Host while A2 ##DP streaming . [SEP]
LRP (+Pred, pos-only)[CLS] In ##fo ##r matio n di sc los ##ure due to buffer over-read in Bluetooth Host while A2 ##DP streaming . [SEP]
LIME (words)Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.
SHAP (words)Information disclosure due to buffer over- read in Bluetooth Host while A2DP streaming
lrp-distilbert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In ##fo ##r matio n di sc los ##ure due to buffer over-read in Bluetooth Host while A2 ##DP streaming . [SEP]
LRP (+Pred, pos-only)[CLS] In ##fo ##r matio n di sc los ##ure due to buffer over-read in Bluetooth Host while A2 ##DP streaming . [SEP]
LIME (words)Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.
SHAP (words)Information disclosure due to buffer over- read in Bluetooth Host while A2DP streaming
#19 · cve_id CVE-2023-7183 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁A ▁vulnerability ▁has ▁been ▁found ▁in ▁7 -c ▁ ard ▁Fa ka ba o ▁up ▁to ▁1 . 0 _ build 20 23 08 05 ▁and ▁ cla ssi ▁ fi ed ▁as ▁critical . Affected ▁by ▁this ▁vulnerability ▁is ▁an ▁unknown ▁functionality ▁of ▁the ▁file ▁shop / ali pay _ not ify . php . ▁The ▁manipulation ▁of ▁the ▁argument ▁out _ trade _ no ▁leads ▁to sql inject ▁ ion . ▁The ▁exploit ▁has ▁been disclose ▁ d ▁to ▁the ▁public ▁and ▁may ▁be ▁used . ▁The identifier ▁V DB - 24 93 85 ▁was ▁a ssi ▁ gne d ▁to ▁this ▁vulnerability . NOT ▁E : ▁The ▁vendor ▁was ▁contacted ▁early ▁about ▁this ▁di sc ▁ los ure ▁but ▁did ▁not ▁respond ▁in ▁any ▁way . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)A vulnerability has been found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this vulnerability is an unknown functionality of the file shop/alipay_notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249385 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SHAP (words)A vulnerability has been found in 7- card Fakabao up to 1. 0_build20230805 and classified as critical. Affected by this vulnerability is an unknown functionality of the file shop/ alipay_notify. php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB- 249385 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A vulnerability has been found in 7 -c a ##rd F ##aka ##bao up to 1 . 0 _ build ##20 ##23 ##0 ##80 ##5 and c ##la ssi fi ##ed as critical . Affected by this vulnerability is an unknown functionality of the file shop / al ip a ##y _ not ##ify . php . The man ip ul ##ation of the argument out _ trade _ no leads to sql inject ion . The exploit has been disclose d to the public and may be used . The identifier V ##D ##B - 249 ##38 ##5 was a ssi g ##ned to this vulnerability . NOT E : The vendor was contacted early about this di sc los ##ure but did not respond in any way . [SEP]
LRP (+Pred, pos-only)[CLS] A vulnerability has been found in 7 -c a ##rd F ##aka ##bao up to 1 . 0 _ build ##20 ##23 ##0 ##80 ##5 and c ##la ssi fi ##ed as critical . Affected by this vulnerability is an unknown functionality of the file shop / al ip a ##y _ not ##ify . php . The man ip ul ##ation of the argument out _ trade _ no leads to sql inject ion . The exploit has been disclose d to the public and may be used . The identifier V ##D ##B - 249 ##38 ##5 was a ssi g ##ned to this vulnerability . NOT E : The vendor was contacted early about this di sc los ##ure but did not respond in any way . [SEP]
LIME (words)A vulnerability has been found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this vulnerability is an unknown functionality of the file shop/alipay_notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249385 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SHAP (words)A vulnerability has been found in 7- card Fakabao up to 1. 0_build20230805 and classified as critical. Affected by this vulnerability is an unknown functionality of the file shop/ alipay_notify. php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB- 249385 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A vulnerability has been found in 7 -c a ##rd F ##aka ##bao up to 1 . 0 _ build ##20 ##23 ##0 ##80 ##5 and c ##la ssi fi ##ed as critical . Affected by this vulnerability is an unknown functionality of the file shop / al ip a ##y _ not ##ify . php . The man ip ul ##ation of the argument out _ trade _ no leads to sql inject ion . The exploit has been disclose d to the public and may be used . The identifier V ##D ##B - 249 ##38 ##5 was a ssi g ##ned to this vulnerability . NOT E : The vendor was contacted early about this di sc los ##ure but did not respond in any way . [SEP]
LRP (+Pred, pos-only)[CLS] A vulnerability has been found in 7 -c a ##rd F ##aka ##bao up to 1 . 0 _ build ##20 ##23 ##0 ##80 ##5 and c ##la ssi fi ##ed as critical . Affected by this vulnerability is an unknown functionality of the file shop / al ip a ##y _ not ##ify . php . The man ip ul ##ation of the argument out _ trade _ no leads to sql inject ion . The exploit has been disclose d to the public and may be used . The identifier V ##D ##B - 249 ##38 ##5 was a ssi g ##ned to this vulnerability . NOT E : The vendor was contacted early about this di sc los ##ure but did not respond in any way . [SEP]
LIME (words)A vulnerability has been found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this vulnerability is an unknown functionality of the file shop/alipay_notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249385 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SHAP (words)A vulnerability has been found in 7- card Fakabao up to 1. 0_build20230805 and classified as critical. Affected by this vulnerability is an unknown functionality of the file shop/ alipay_notify. php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB- 249385 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way
#20 · cve_id CVE-2016-9928 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁ MC a bber ▁before ▁1 . 0 . 4 ▁is ▁vulnerable ▁to ▁roster ▁push ▁attacks ▁which ▁allows ▁remote ▁attackers ▁to ▁intercept ▁communications ▁or ▁add ▁themselves ▁as ▁an ▁entity ▁on ▁a ▁3 rd ▁party ' s ▁roster ▁as ▁another ▁user ▁which ▁will ▁also ▁garner ▁associated ▁privileges ▁via ▁crafted XMPP ▁packet s . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)MCabber before 1.0.4 is vulnerable to roster push attacks which allows remote attackers to intercept communications or add themselves as an entity on a 3rd party's roster as another user which will also garner associated privileges via crafted XMPP packets.
SHAP (words)MCabber before 1. 0. 4 is vulnerable to roster push attacks which allows remote attackers to intercept communications or add themselves as an entity on a 3rd party' s roster as another user which will also garner associated privileges via crafted XMPP packets
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] MC ##ab ##ber before 1 . 0 . 4 is vulnerable to roster push attacks which allows remote attackers to int er ##ce ##pt communications or add themselves as an entity on a 3rd party ' s roster as another user which will also g ##ar ##ner associated privileges via crafted XMPP packets . [SEP]
LRP (+Pred, pos-only)[CLS] MC ##ab ##ber before 1 . 0 . 4 is vulnerable to roster push attacks which allows remote attackers to int er ##ce ##pt communications or add themselves as an entity on a 3rd party ' s roster as another user which will also g ##ar ##ner associated privileges via crafted XMPP packets . [SEP]
LIME (words)MCabber before 1.0.4 is vulnerable to roster push attacks which allows remote attackers to intercept communications or add themselves as an entity on a 3rd party's roster as another user which will also garner associated privileges via crafted XMPP packets.
SHAP (words)MCabber before 1. 0. 4 is vulnerable to roster push attacks which allows remote attackers to intercept communications or add themselves as an entity on a 3rd party' s roster as another user which will also garner associated privileges via crafted XMPP packets
lrp-distilbert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] MC ##ab ##ber before 1 . 0 . 4 is vulnerable to roster push attacks which allows remote attackers to int er ##ce ##pt communications or add themselves as an entity on a 3rd party ' s roster as another user which will also g ##ar ##ner associated privileges via crafted XMPP packets . [SEP]
LRP (+Pred, pos-only)[CLS] MC ##ab ##ber before 1 . 0 . 4 is vulnerable to roster push attacks which allows remote attackers to int er ##ce ##pt communications or add themselves as an entity on a 3rd party ' s roster as another user which will also g ##ar ##ner associated privileges via crafted XMPP packets . [SEP]
LIME (words)MCabber before 1.0.4 is vulnerable to roster push attacks which allows remote attackers to intercept communications or add themselves as an entity on a 3rd party's roster as another user which will also garner associated privileges via crafted XMPP packets.
SHAP (words)MCabber before 1. 0. 4 is vulnerable to roster push attacks which allows remote attackers to intercept communications or add themselves as an entity on a 3rd party' s roster as another user which will also garner associated privileges via crafted XMPP packets
#21 · cve_id CVE-2020-14328 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁A flaw ▁was ▁found ▁in Ansible ▁Tower ▁in ▁versions ▁before ▁3 . 7 . 2 . ▁A ▁Server ▁Side Request Forgery flaw ▁can ▁be ▁abused ▁by ▁supplying ▁a URL ▁which ▁could ▁lead ▁to ▁the ▁server ▁pro ce ssi ▁ ng ▁it ▁connecting ▁to ▁internal ▁services ▁or ▁exposing ▁additional ▁internal ▁services ▁and ▁more ▁particularly retrieving ▁full ▁details ▁in ▁case ▁of err ▁or . ▁The ▁highest ▁threat ▁from ▁this ▁vulnerability ▁is ▁to ▁data confidentiality ▁ . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more particularly retrieving full details in case of error. The highest threat from this vulnerability is to data confidentiality.
SHAP (words)A flaw was found in Ansible Tower in versions before 3. 7. 2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more particularly retrieving full details in case of error. The highest threat from this vulnerability is to data confidentiality
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A flaw was found in Ansible Tower in versions before 3 . 7 . 2 . A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server pro ##ce ssi ng it connecting to int er ##nal services or exposing additional int er ##nal services and more particularly retrieving full details in case of err or . The highest threat from this vulnerability is to data confidentiality . [SEP]
LRP (+Pred, pos-only)[CLS] A flaw was found in Ansible Tower in versions before 3 . 7 . 2 . A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server pro ##ce ssi ng it connecting to int er ##nal services or exposing additional int er ##nal services and more particularly retrieving full details in case of err or . The highest threat from this vulnerability is to data confidentiality . [SEP]
LIME (words)A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more particularly retrieving full details in case of error. The highest threat from this vulnerability is to data confidentiality.
SHAP (words)A flaw was found in Ansible Tower in versions before 3. 7. 2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more particularly retrieving full details in case of error. The highest threat from this vulnerability is to data confidentiality
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A flaw was found in Ansible Tower in versions before 3 . 7 . 2 . A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server pro ##ce ssi ng it connecting to int er ##nal services or exposing additional int er ##nal services and more particularly retrieving full details in case of err or . The highest threat from this vulnerability is to data confidentiality . [SEP]
LRP (+Pred, pos-only)[CLS] A flaw was found in Ansible Tower in versions before 3 . 7 . 2 . A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server pro ##ce ssi ng it connecting to int er ##nal services or exposing additional int er ##nal services and more particularly retrieving full details in case of err or . The highest threat from this vulnerability is to data confidentiality . [SEP]
LIME (words)A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more particularly retrieving full details in case of error. The highest threat from this vulnerability is to data confidentiality.
SHAP (words)A flaw was found in Ansible Tower in versions before 3. 7. 2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more particularly retrieving full details in case of error. The highest threat from this vulnerability is to data confidentiality
#22 · cve_id CVE-2022-44738 · ui
GT=REQUIRED (1)
xlnet · Pred=REQUIRED (1) · p=0.85 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Improper Neutralization ▁of ▁Formula ▁ Element s ▁in ▁a CSV ▁File ▁vulnerability ▁in ▁Patrick ▁Rob re cht Posts ▁and User ▁ s ▁Sta t s . This ▁issue ▁affects Posts ▁and User ▁ s ▁Sta t s : ▁from ▁ n / a ▁through ▁1 . 1 . 3 . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats.This issue affects Posts and Users Stats: from n/a through 1.1.3.
SHAP (words)Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats. This issue affects Posts and Users Stats: from n/ a through 1. 1. 3
lrp-bert · Pred=NONE (0) · p=0.99 FN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Improper Neutralization of Formula Element s in a CSV File vulnerability in Patrick Rob ##recht Posts and User s St ##ats . This issue affects Posts and User s St ##ats : from n / a through 1 . 1 . 3 . [SEP]
LRP (+Pred, pos-only)[CLS] Improper Neutralization of Formula Element s in a CSV File vulnerability in Patrick Rob ##recht Posts and User s St ##ats . This issue affects Posts and User s St ##ats : from n / a through 1 . 1 . 3 . [SEP]
LIME (words)Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats.This issue affects Posts and Users Stats: from n/a through 1.1.3.
SHAP (words)Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats. This issue affects Posts and Users Stats: from n/ a through 1. 1. 3
lrp-distilbert · Pred=NONE (0) · p=0.96 FN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Improper Neutralization of Formula Element s in a CSV File vulnerability in Patrick Rob ##recht Posts and User s St ##ats . This issue affects Posts and User s St ##ats : from n / a through 1 . 1 . 3 . [SEP]
LRP (+Pred, pos-only)[CLS] Improper Neutralization of Formula Element s in a CSV File vulnerability in Patrick Rob ##recht Posts and User s St ##ats . This issue affects Posts and User s St ##ats : from n / a through 1 . 1 . 3 . [SEP]
LIME (words)Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats.This issue affects Posts and Users Stats: from n/a through 1.1.3.
SHAP (words)Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats. This issue affects Posts and Users Stats: from n/ a through 1. 1. 3
#23 · cve_id CVE-2023-0871 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)XXE inject ▁ ion ▁in ▁ / rt c / post / endpoint ▁in ▁Open M NS ▁Horizon ▁31 . 0 . 8 ▁and ▁versions ▁earlier ▁than ▁32 . 0 . 2 ▁on ▁multiple ▁platforms ▁is ▁vulnerable ▁to ▁XML ▁external ▁entity ▁ ( XXE ▁ ) inject ▁ ion ▁which ▁can ▁be ▁used ▁for ▁instance ▁to ▁force ▁Horizon ▁to ▁make ▁arbitrary HTTP ▁requests ▁to ▁internal ▁and ▁external ▁services . ▁The ▁solution ▁is ▁to ▁upgrade ▁to ▁Meridian ▁20 23 . 1 . 6 ▁20 22 . 1 . 19 ▁20 21 . 1 . 30 ▁2020 . 1 . 38 ▁or ▁Horizon ▁32 . 0 . 2 ▁or ▁newer . ▁Meridian ▁and ▁Horizon ▁installation ▁instructions ▁state ▁that ▁they ▁are ▁intended ▁for ▁installation ▁within ▁an ▁organization ' s ▁private ▁networks ▁and ▁should ▁not ▁be ▁directly ▁ acce ssi ▁ ble ▁from ▁the ▁Internet . ▁Open NMS ▁thanks ▁Erik ▁Wy n ter ▁and ▁Moshe ▁A pel baum ▁for ▁reporting ▁this ▁issue . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to Meridian 2023.1.6 2022.1.19 2021.1.30 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter and Moshe Apelbaum for reporting this issue.
SHAP (words)XXE injection in / rtc/ post/ endpoint in OpenMNS Horizon 31. 0. 8 and versions earlier than 32. 0. 2 on multiple platforms is vulnerable to XML external entity ( XXE) injection which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to Meridian 2023. 1. 6 2022. 1. 19 2021. 1. 30 2020. 1. 38 or Horizon 32. 0. 2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization' s private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter and Moshe Apelbaum for reporting this issue
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] XXE inject ion in / r ##t ##c / post / endpoint in Open ##M NS Horizon 31 . 0 . 8 and versions earlier than 32 . 0 . 2 on m ##ult ip le platforms is vulnerable to XML external entity ( XXE ) inject ion which can be used for instance to force Horizon to make arbitrary HTTP requests to int er ##nal and external services . The solution is to upgrade to Meridian 202 ##3 . 1 . 6 202 ##2 . 1 . 19 202 ##1 . 1 . 30 2020 . 1 . 38 or Horizon 32 . 0 . 2 or newer . Meridian and Horizon installation in struct ions state that they are int ended for installation within an organization ' s private networks and should not be directly a ##cc ##e ssi b ##le from the Internet . Open NMS thanks Erik W ##yn ##ter and Mo ##she A ##pel ##baum for reporting this issue . [SEP]
LRP (+Pred, pos-only)[CLS] XXE inject ion in / r ##t ##c / post / endpoint in Open ##M NS Horizon 31 . 0 . 8 and versions earlier than 32 . 0 . 2 on m ##ult ip le platforms is vulnerable to XML external entity ( XXE ) inject ion which can be used for instance to force Horizon to make arbitrary HTTP requests to int er ##nal and external services . The solution is to upgrade to Meridian 202 ##3 . 1 . 6 202 ##2 . 1 . 19 202 ##1 . 1 . 30 2020 . 1 . 38 or Horizon 32 . 0 . 2 or newer . Meridian and Horizon installation in struct ions state that they are int ended for installation within an organization ' s private networks and should not be directly a ##cc ##e ssi b ##le from the Internet . Open NMS thanks Erik W ##yn ##ter and Mo ##she A ##pel ##baum for reporting this issue . [SEP]
LIME (words)XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to Meridian 2023.1.6 2022.1.19 2021.1.30 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter and Moshe Apelbaum for reporting this issue.
SHAP (words)XXE injection in / rtc/ post/ endpoint in OpenMNS Horizon 31. 0. 8 and versions earlier than 32. 0. 2 on multiple platforms is vulnerable to XML external entity ( XXE) injection which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to Meridian 2023. 1. 6 2022. 1. 19 2021. 1. 30 2020. 1. 38 or Horizon 32. 0. 2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization' s private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter and Moshe Apelbaum for reporting this issue
lrp-distilbert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] XXE inject ion in / r ##t ##c / post / endpoint in Open ##M NS Horizon 31 . 0 . 8 and versions earlier than 32 . 0 . 2 on m ##ult ip le platforms is vulnerable to XML external entity ( XXE ) inject ion which can be used for instance to force Horizon to make arbitrary HTTP requests to int er ##nal and external services . The solution is to upgrade to Meridian 202 ##3 . 1 . 6 202 ##2 . 1 . 19 202 ##1 . 1 . 30 2020 . 1 . 38 or Horizon 32 . 0 . 2 or newer . Meridian and Horizon installation in struct ions state that they are int ended for installation within an organization ' s private networks and should not be directly a ##cc ##e ssi b ##le from the Internet . Open NMS thanks Erik W ##yn ##ter and Mo ##she A ##pel ##baum for reporting this issue . [SEP]
LRP (+Pred, pos-only)[CLS] XXE inject ion in / r ##t ##c / post / endpoint in Open ##M NS Horizon 31 . 0 . 8 and versions earlier than 32 . 0 . 2 on m ##ult ip le platforms is vulnerable to XML external entity ( XXE ) inject ion which can be used for instance to force Horizon to make arbitrary HTTP requests to int er ##nal and external services . The solution is to upgrade to Meridian 202 ##3 . 1 . 6 202 ##2 . 1 . 19 202 ##1 . 1 . 30 2020 . 1 . 38 or Horizon 32 . 0 . 2 or newer . Meridian and Horizon installation in struct ions state that they are int ended for installation within an organization ' s private networks and should not be directly a ##cc ##e ssi b ##le from the Internet . Open NMS thanks Erik W ##yn ##ter and Mo ##she A ##pel ##baum for reporting this issue . [SEP]
LIME (words)XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to Meridian 2023.1.6 2022.1.19 2021.1.30 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter and Moshe Apelbaum for reporting this issue.
SHAP (words)XXE injection in / rtc/ post/ endpoint in OpenMNS Horizon 31. 0. 8 and versions earlier than 32. 0. 2 on multiple platforms is vulnerable to XML external entity ( XXE) injection which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to Meridian 2023. 1. 6 2022. 1. 19 2021. 1. 30 2020. 1. 38 or Horizon 32. 0. 2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization' s private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter and Moshe Apelbaum for reporting this issue
#24 · cve_id CVE-2021-32509 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Absolute ▁Path Traversal ▁vulnerability ▁in ▁File view Do c ▁in ▁Q SAN Storage Manage ▁ r ▁allows ▁remote authenticated ▁attackers ▁access ▁arbitrary ▁files ▁by injecting ▁the Symbolic ▁Link ▁following ▁the ▁U rl ▁path param ▁ eter . ▁The ▁ ref err ▁ ed ▁vulnerability ▁has ▁been ▁solved ▁with ▁the ▁updated ▁version ▁of ▁Q SAN Storage Manage ▁ r ▁v 3 . 3 . 3 . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.
SHAP (words)Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3. 3. 3
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Absolute Path Traversal vulnerability in File ##view ##D ##oc in Q SAN Storage Manage r allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the U ##rl path param et ##er . The re ##f err ed vulnerability has been solved with the updated version of Q SAN Storage Manage r v ##3 . 3 . 3 . [SEP]
LRP (+Pred, pos-only)[CLS] Absolute Path Traversal vulnerability in File ##view ##D ##oc in Q SAN Storage Manage r allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the U ##rl path param et ##er . The re ##f err ed vulnerability has been solved with the updated version of Q SAN Storage Manage r v ##3 . 3 . 3 . [SEP]
LIME (words)Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.
SHAP (words)Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3. 3. 3
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Absolute Path Traversal vulnerability in File ##view ##D ##oc in Q SAN Storage Manage r allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the U ##rl path param et ##er . The re ##f err ed vulnerability has been solved with the updated version of Q SAN Storage Manage r v ##3 . 3 . 3 . [SEP]
LRP (+Pred, pos-only)[CLS] Absolute Path Traversal vulnerability in File ##view ##D ##oc in Q SAN Storage Manage r allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the U ##rl path param et ##er . The re ##f err ed vulnerability has been solved with the updated version of Q SAN Storage Manage r v ##3 . 3 . 3 . [SEP]
LIME (words)Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.
SHAP (words)Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3. 3. 3
#25 · cve_id CVE-2022-32430 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁An ▁access ▁control ▁issue ▁in ▁Lin CMS ▁Spring Boot ▁v 0 . 2 . 1 ▁allows ▁attackers ▁to ▁access ▁the backend ▁in for matio ▁ n ▁and ▁functions ▁within ▁the ▁application . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application.
SHAP (words)An access control issue in Lin CMS Spring Boot v0. 2. 1 allows attackers to access the backend information and functions within the application
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An access control issue in Lin CMS Spring Boot v ##0 . 2 . 1 allows attackers to access the backend info ##r matio n and functions within the application . [SEP]
LRP (+Pred, pos-only)[CLS] An access control issue in Lin CMS Spring Boot v ##0 . 2 . 1 allows attackers to access the backend info ##r matio n and functions within the application . [SEP]
LIME (words)An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application.
SHAP (words)An access control issue in Lin CMS Spring Boot v0. 2. 1 allows attackers to access the backend information and functions within the application
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An access control issue in Lin CMS Spring Boot v ##0 . 2 . 1 allows attackers to access the backend info ##r matio n and functions within the application . [SEP]
LRP (+Pred, pos-only)[CLS] An access control issue in Lin CMS Spring Boot v ##0 . 2 . 1 allows attackers to access the backend info ##r matio n and functions within the application . [SEP]
LIME (words)An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application.
SHAP (words)An access control issue in Lin CMS Spring Boot v0. 2. 1 allows attackers to access the backend information and functions within the application
#26 · cve_id CVE-2023-41100 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁An ▁issue ▁was ▁di sc ▁over ed ▁in ▁the ▁ h c apt ▁ cha ▁ ( aka ▁ h C apt ▁ cha ▁for ▁ EXT : form ) ▁extension ▁before ▁2 . 1 . 2 ▁for ▁ TY PO 3 . ▁It ▁fails ▁to ▁check ▁that ▁the ▁required ▁c apt ▁ cha ▁field ▁is ▁submitted ▁in ▁the ▁form ▁data . ▁allowing ▁a ▁remote ▁user ▁to ▁bypass ▁the CAPTCHA ▁check . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)An issue was discovered in the hcaptcha (aka hCaptcha for EXT:form) extension before 2.1.2 for TYPO3. It fails to check that the required captcha field is submitted in the form data. allowing a remote user to bypass the CAPTCHA check.
SHAP (words)An issue was discovered in the hcaptcha ( aka hCaptcha for EXT: form) extension before 2. 1. 2 for TYPO3. It fails to check that the required captcha field is submitted in the form data. allowing a remote user to bypass the CAPTCHA check
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An issue was di sc over ##ed in the h ##c apt ch ##a ( aka h ##C apt ch ##a for EX T : form ) extension before 2 . 1 . 2 for T ##YP ##O ##3 . It fails to check that the required c apt ch ##a field is submitted in the form data . allowing a remote user to bypass the CAPTCHA check . [SEP]
LRP (+Pred, pos-only)[CLS] An issue was di sc over ##ed in the h ##c apt ch ##a ( aka h ##C apt ch ##a for EX T : form ) extension before 2 . 1 . 2 for T ##YP ##O ##3 . It fails to check that the required c apt ch ##a field is submitted in the form data . allowing a remote user to bypass the CAPTCHA check . [SEP]
LIME (words)An issue was discovered in the hcaptcha (aka hCaptcha for EXT:form) extension before 2.1.2 for TYPO3. It fails to check that the required captcha field is submitted in the form data. allowing a remote user to bypass the CAPTCHA check.
SHAP (words)An issue was discovered in the hcaptcha ( aka hCaptcha for EXT: form) extension before 2. 1. 2 for TYPO3. It fails to check that the required captcha field is submitted in the form data. allowing a remote user to bypass the CAPTCHA check
lrp-distilbert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An issue was di sc over ##ed in the h ##c apt ch ##a ( aka h ##C apt ch ##a for EX T : form ) extension before 2 . 1 . 2 for T ##YP ##O ##3 . It fails to check that the required c apt ch ##a field is submitted in the form data . allowing a remote user to bypass the CAPTCHA check . [SEP]
LRP (+Pred, pos-only)[CLS] An issue was di sc over ##ed in the h ##c apt ch ##a ( aka h ##C apt ch ##a for EX T : form ) extension before 2 . 1 . 2 for T ##YP ##O ##3 . It fails to check that the required c apt ch ##a field is submitted in the form data . allowing a remote user to bypass the CAPTCHA check . [SEP]
LIME (words)An issue was discovered in the hcaptcha (aka hCaptcha for EXT:form) extension before 2.1.2 for TYPO3. It fails to check that the required captcha field is submitted in the form data. allowing a remote user to bypass the CAPTCHA check.
SHAP (words)An issue was discovered in the hcaptcha ( aka hCaptcha for EXT: form) extension before 2. 1. 2 for TYPO3. It fails to check that the required captcha field is submitted in the form data. allowing a remote user to bypass the CAPTCHA check
#27 · cve_id CVE-2014-125001 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁A ▁vulnerability ▁ cla ssi ▁ fi ed ▁as ▁critical ▁has ▁been ▁found ▁in ▁Card o ▁Systems ▁Sca la ▁Rider ▁Q 3 . Affected ▁is ▁the ▁file ▁ / card o / api ▁of ▁the ▁Card o - Updater ▁ . Unauthenticated ▁remote ▁code ▁execution ▁with ▁root permissions ▁is ▁po ssi ▁ ble . Firewall ▁ ing ▁or disabling ▁the ▁service ▁is ▁recommended . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file /cardo/api of the Cardo-Updater. Unauthenticated remote code execution with root permissions is possible. Firewalling or disabling the service is recommended.
SHAP (words)A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file / cardo/ api of the Cardo- Updater. Unauthenticated remote code execution with root permissions is possible. Firewalling or disabling the service is recommended
lrp-bert · Pred=NONE (0) · p=0.98 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A vulnerability c ##la ssi fi ##ed as critical has been found in Card ##o Systems Sc ##ala Rider Q ##3 . Affected is the file / card ##o / api of the Card ##o - Updater . Unauthenticated remote code exec u ##tion with root permissions is p ##o ssi b ##le . Firewall ing or disabling the service is recommended . [SEP]
LRP (+Pred, pos-only)[CLS] A vulnerability c ##la ssi fi ##ed as critical has been found in Card ##o Systems Sc ##ala Rider Q ##3 . Affected is the file / card ##o / api of the Card ##o - Updater . Unauthenticated remote code exec u ##tion with root permissions is p ##o ssi b ##le . Firewall ing or disabling the service is recommended . [SEP]
LIME (words)A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file /cardo/api of the Cardo-Updater. Unauthenticated remote code execution with root permissions is possible. Firewalling or disabling the service is recommended.
SHAP (words)A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file / cardo/ api of the Cardo- Updater. Unauthenticated remote code execution with root permissions is possible. Firewalling or disabling the service is recommended
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A vulnerability c ##la ssi fi ##ed as critical has been found in Card ##o Systems Sc ##ala Rider Q ##3 . Affected is the file / card ##o / api of the Card ##o - Updater . Unauthenticated remote code exec u ##tion with root permissions is p ##o ssi b ##le . Firewall ing or disabling the service is recommended . [SEP]
LRP (+Pred, pos-only)[CLS] A vulnerability c ##la ssi fi ##ed as critical has been found in Card ##o Systems Sc ##ala Rider Q ##3 . Affected is the file / card ##o / api of the Card ##o - Updater . Unauthenticated remote code exec u ##tion with root permissions is p ##o ssi b ##le . Firewall ing or disabling the service is recommended . [SEP]
LIME (words)A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file /cardo/api of the Cardo-Updater. Unauthenticated remote code execution with root permissions is possible. Firewalling or disabling the service is recommended.
SHAP (words)A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file / cardo/ api of the Cardo- Updater. Unauthenticated remote code execution with root permissions is possible. Firewalling or disabling the service is recommended
#28 · cve_id CVE-2018-7082 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁A ▁command inject ▁ ion ▁vulnerability ▁is ▁present ▁in Aruba Instant ▁that ▁permits ▁an authenticated admin ▁is tra tive ▁user ▁to ▁execute ▁arbitrary ▁commands ▁on ▁the ▁underlying ▁operating ▁system . ▁A malicious admin ▁is t rator ▁could ▁use ▁this ▁ability ▁to ▁install backdoor ▁ s ▁or ▁change ▁system ▁configuration ▁in ▁a ▁way ▁that ▁would ▁not ▁be ▁logged . ▁Work around : ▁None . ▁Resolution : Fixed ▁in Aruba Instant ▁4 . 2 . 4 . 12 ▁6 . 5 . 4 . 11 ▁8 . 3 . 0 . 6 ▁and ▁8 . 4 . 0 . 0 <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. Workaround: None. Resolution: Fixed in Aruba Instant 4.2.4.12 6.5.4.11 8.3.0.6 and 8.4.0.0
SHAP (words)A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. Workaround: None. Resolution: Fixed in Aruba Instant 4. 2. 4. 12 6. 5. 4. 11 8. 3. 0. 6 and 8. 4. 0. 0
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A command inject ion vulnerability is present in Aruba Instant that permits an authenticated admin is ##tra ##tive user to exec u ##te arbitrary commands on the underlying operating system . A malicious admin is ##tra ##tor could use this ability to install backdoor s or change system config u ##ration in a way that would not be logged . Work ##around : None . Resolution : Fixed in Aruba Instant 4 . 2 . 4 . 12 6 . 5 . 4 . 11 8 . 3 . 0 . 6 and 8 . 4 . 0 . 0 [SEP]
LRP (+Pred, pos-only)[CLS] A command inject ion vulnerability is present in Aruba Instant that permits an authenticated admin is ##tra ##tive user to exec u ##te arbitrary commands on the underlying operating system . A malicious admin is ##tra ##tor could use this ability to install backdoor s or change system config u ##ration in a way that would not be logged . Work ##around : None . Resolution : Fixed in Aruba Instant 4 . 2 . 4 . 12 6 . 5 . 4 . 11 8 . 3 . 0 . 6 and 8 . 4 . 0 . 0 [SEP]
LIME (words)A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. Workaround: None. Resolution: Fixed in Aruba Instant 4.2.4.12 6.5.4.11 8.3.0.6 and 8.4.0.0
SHAP (words)A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. Workaround: None. Resolution: Fixed in Aruba Instant 4. 2. 4. 12 6. 5. 4. 11 8. 3. 0. 6 and 8. 4. 0. 0
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A command inject ion vulnerability is present in Aruba Instant that permits an authenticated admin is ##tra ##tive user to exec u ##te arbitrary commands on the underlying operating system . A malicious admin is ##tra ##tor could use this ability to install backdoor s or change system config u ##ration in a way that would not be logged . Work ##around : None . Resolution : Fixed in Aruba Instant 4 . 2 . 4 . 12 6 . 5 . 4 . 11 8 . 3 . 0 . 6 and 8 . 4 . 0 . 0 [SEP]
LRP (+Pred, pos-only)[CLS] A command inject ion vulnerability is present in Aruba Instant that permits an authenticated admin is ##tra ##tive user to exec u ##te arbitrary commands on the underlying operating system . A malicious admin is ##tra ##tor could use this ability to install backdoor s or change system config u ##ration in a way that would not be logged . Work ##around : None . Resolution : Fixed in Aruba Instant 4 . 2 . 4 . 12 6 . 5 . 4 . 11 8 . 3 . 0 . 6 and 8 . 4 . 0 . 0 [SEP]
LIME (words)A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. Workaround: None. Resolution: Fixed in Aruba Instant 4.2.4.12 6.5.4.11 8.3.0.6 and 8.4.0.0
SHAP (words)A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. Workaround: None. Resolution: Fixed in Aruba Instant 4. 2. 4. 12 6. 5. 4. 11 8. 3. 0. 6 and 8. 4. 0. 0
#29 · cve_id CVE-2021-38125 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Unauthenticated ▁remote ▁code ▁execution ▁in ▁Micro ▁Focus ▁Operations ▁Bridge ▁container ized ▁affecting ▁versions ▁20 21 . 05 ▁20 21 . 08 ▁and ▁newer ▁versions ▁of ▁Micro ▁Focus ▁Operations ▁Bridge ▁container ized ▁if ▁the ▁deployment ▁was ▁upgraded ▁from ▁20 21 . 05 ▁or ▁20 21 . 08 . ▁The ▁vulnerability ▁could ▁be ▁exploited ▁to unauthenticated ▁remote ▁code ▁execution . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Unauthenticated remote code execution in Micro Focus Operations Bridge containerized affecting versions 2021.05 2021.08 and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. The vulnerability could be exploited to unauthenticated remote code execution.
SHAP (words)Unauthenticated remote code execution in Micro Focus Operations Bridge containerized affecting versions 2021. 05 2021. 08 and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021. 05 or 2021. 08. The vulnerability could be exploited to unauthenticated remote code execution
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Unauthenticated remote code exec u ##tion in Micro Focus Operations Bridge container ##ized affecting versions 202 ##1 . 05 202 ##1 . 08 and newer versions of Micro Focus Operations Bridge container ##ized if the deployment was upgraded from 202 ##1 . 05 or 202 ##1 . 08 . The vulnerability could be ex ##p ##lo ite d to unauthenticated remote code exec u ##tion . [SEP]
LRP (+Pred, pos-only)[CLS] Unauthenticated remote code exec u ##tion in Micro Focus Operations Bridge container ##ized affecting versions 202 ##1 . 05 202 ##1 . 08 and newer versions of Micro Focus Operations Bridge container ##ized if the deployment was upgraded from 202 ##1 . 05 or 202 ##1 . 08 . The vulnerability could be ex ##p ##lo ite d to unauthenticated remote code exec u ##tion . [SEP]
LIME (words)Unauthenticated remote code execution in Micro Focus Operations Bridge containerized affecting versions 2021.05 2021.08 and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. The vulnerability could be exploited to unauthenticated remote code execution.
SHAP (words)Unauthenticated remote code execution in Micro Focus Operations Bridge containerized affecting versions 2021. 05 2021. 08 and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021. 05 or 2021. 08. The vulnerability could be exploited to unauthenticated remote code execution
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Unauthenticated remote code exec u ##tion in Micro Focus Operations Bridge container ##ized affecting versions 202 ##1 . 05 202 ##1 . 08 and newer versions of Micro Focus Operations Bridge container ##ized if the deployment was upgraded from 202 ##1 . 05 or 202 ##1 . 08 . The vulnerability could be ex ##p ##lo ite d to unauthenticated remote code exec u ##tion . [SEP]
LRP (+Pred, pos-only)[CLS] Unauthenticated remote code exec u ##tion in Micro Focus Operations Bridge container ##ized affecting versions 202 ##1 . 05 202 ##1 . 08 and newer versions of Micro Focus Operations Bridge container ##ized if the deployment was upgraded from 202 ##1 . 05 or 202 ##1 . 08 . The vulnerability could be ex ##p ##lo ite d to unauthenticated remote code exec u ##tion . [SEP]
LIME (words)Unauthenticated remote code execution in Micro Focus Operations Bridge containerized affecting versions 2021.05 2021.08 and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. The vulnerability could be exploited to unauthenticated remote code execution.
SHAP (words)Unauthenticated remote code execution in Micro Focus Operations Bridge containerized affecting versions 2021. 05 2021. 08 and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021. 05 or 2021. 08. The vulnerability could be exploited to unauthenticated remote code execution
#30 · cve_id CVE-2019-6173 · ui
GT=REQUIRED (1)
xlnet · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁A DLL ▁search ▁path ▁vulnerability ▁could ▁allow ▁privilege escalation ▁in ▁some Lenovo ▁installation ▁packages ▁prior ▁to ▁version ▁1 . 2 . 9 . 3 ▁during ▁installation ▁if ▁an ▁attacker ▁already ▁has admin ▁is tra tive ▁privileges . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages prior to version 1.2.9.3 during installation if an attacker already has administrative privileges.
SHAP (words)A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages prior to version 1. 2. 9. 3 during installation if an attacker already has administrative privileges
lrp-bert · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages prior to version 1 . 2 . 9 . 3 d uri ng installation if an attacker already has admin is ##tra ##tive privileges . [SEP]
LRP (+Pred, pos-only)[CLS] A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages prior to version 1 . 2 . 9 . 3 d uri ng installation if an attacker already has admin is ##tra ##tive privileges . [SEP]
LIME (words)A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages prior to version 1.2.9.3 during installation if an attacker already has administrative privileges.
SHAP (words)A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages prior to version 1. 2. 9. 3 during installation if an attacker already has administrative privileges
lrp-distilbert · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages prior to version 1 . 2 . 9 . 3 d uri ng installation if an attacker already has admin is ##tra ##tive privileges . [SEP]
LRP (+Pred, pos-only)[CLS] A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages prior to version 1 . 2 . 9 . 3 d uri ng installation if an attacker already has admin is ##tra ##tive privileges . [SEP]
LIME (words)A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages prior to version 1.2.9.3 during installation if an attacker already has administrative privileges.
SHAP (words)A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages prior to version 1. 2. 9. 3 during installation if an attacker already has administrative privileges
#31 · cve_id CVE-2020-22312 · ui
GT=REQUIRED (1)
xlnet · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁A cross-site scripting ▁ ( XSS ▁ ) ▁vulnerability ▁was ▁di sc ▁over ed ▁in ▁the ▁O J / admin ▁ - tool ▁ / cal _ sc ▁or es . php ▁function ▁of ▁H Z NU O J ▁v 1 . 0 . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)A cross-site scripting (XSS) vulnerability was discovered in the OJ/admin-tool /cal_scores.php function of HZNUOJ v1.0.
SHAP (words)A cross- site scripting ( XSS) vulnerability was discovered in the OJ/ admin- tool / cal_scores. php function of HZNUOJ v1. 0
lrp-bert · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A cross-site scripting ( XSS ) vulnerability was di sc over ##ed in the O ##J / admin - tool / ca ##l _ sc ore ##s . php function of H ##Z ##NU ##O ##J v ##1 . 0 . [SEP]
LRP (+Pred, pos-only)[CLS] A cross-site scripting ( XSS ) vulnerability was di sc over ##ed in the O ##J / admin - tool / ca ##l _ sc ore ##s . php function of H ##Z ##NU ##O ##J v ##1 . 0 . [SEP]
LIME (words)A cross-site scripting (XSS) vulnerability was discovered in the OJ/admin-tool /cal_scores.php function of HZNUOJ v1.0.
SHAP (words)A cross- site scripting ( XSS) vulnerability was discovered in the OJ/ admin- tool / cal_scores. php function of HZNUOJ v1. 0
lrp-distilbert · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A cross-site scripting ( XSS ) vulnerability was di sc over ##ed in the O ##J / admin - tool / ca ##l _ sc ore ##s . php function of H ##Z ##NU ##O ##J v ##1 . 0 . [SEP]
LRP (+Pred, pos-only)[CLS] A cross-site scripting ( XSS ) vulnerability was di sc over ##ed in the O ##J / admin - tool / ca ##l _ sc ore ##s . php function of H ##Z ##NU ##O ##J v ##1 . 0 . [SEP]
LIME (words)A cross-site scripting (XSS) vulnerability was discovered in the OJ/admin-tool /cal_scores.php function of HZNUOJ v1.0.
SHAP (words)A cross- site scripting ( XSS) vulnerability was discovered in the OJ/ admin- tool / cal_scores. php function of HZNUOJ v1. 0
#32 · cve_id CVE-2020-36323 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁In ▁the ▁standard ▁library ▁in Rust ▁before ▁1 . 52 . 0 ▁there ▁is ▁an ▁optimization ▁for ▁joining ▁strings ▁that ▁can ▁cause uninitialized bytes ▁to ▁be ▁exposed ▁ ( or ▁the ▁program ▁to ▁crash ) ▁if ▁the ▁borrowed ▁string ▁changes ▁after ▁its ▁length ▁is ▁checked . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)In the standard library in Rust before 1.52.0 there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.
SHAP (words)In the standard library in Rust before 1. 52. 0 there is an optimization for joining strings that can cause uninitialized bytes to be exposed ( or the program to crash) if the borrowed string changes after its length is checked
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In the standard library in Rust before 1 . 52 . 0 there is an optimization for joining strings that can cause uninitialized bytes to be exposed ( or the program to crash ) if the borrowed string changes after its length is checked . [SEP]
LRP (+Pred, pos-only)[CLS] In the standard library in Rust before 1 . 52 . 0 there is an optimization for joining strings that can cause uninitialized bytes to be exposed ( or the program to crash ) if the borrowed string changes after its length is checked . [SEP]
LIME (words)In the standard library in Rust before 1.52.0 there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.
SHAP (words)In the standard library in Rust before 1. 52. 0 there is an optimization for joining strings that can cause uninitialized bytes to be exposed ( or the program to crash) if the borrowed string changes after its length is checked
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In the standard library in Rust before 1 . 52 . 0 there is an optimization for joining strings that can cause uninitialized bytes to be exposed ( or the program to crash ) if the borrowed string changes after its length is checked . [SEP]
LRP (+Pred, pos-only)[CLS] In the standard library in Rust before 1 . 52 . 0 there is an optimization for joining strings that can cause uninitialized bytes to be exposed ( or the program to crash ) if the borrowed string changes after its length is checked . [SEP]
LIME (words)In the standard library in Rust before 1.52.0 there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.
SHAP (words)In the standard library in Rust before 1. 52. 0 there is an optimization for joining strings that can cause uninitialized bytes to be exposed ( or the program to crash) if the borrowed string changes after its length is checked
#33 · cve_id CVE-2010-2538 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Integer overflow ▁in ▁the btrfs ▁_ ioctl ▁_ clo ne ▁function ▁in ▁f s / btrfs ▁ / ioctl ▁ . c ▁in ▁the ▁Linux ▁kernel ▁before ▁2 . 6 . 35 ▁might ▁allow ▁local ▁users ▁to ▁obtain ▁sensitive ▁in for matio ▁ n ▁via ▁a ▁B TR FS _ I OC _ CL ONE _ RAN GE ioctl ▁call . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call.
SHAP (words)Integer overflow in the btrfs_ioctl_clone function in fs/ btrfs/ ioctl. c in the Linux kernel before 2. 6. 35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Integer overflow in the btrfs _ ioctl _ clone function in f ##s / btrfs / ioctl . c in the Linux kernel before 2 . 6 . 35 might allow local users to obtain sensitive info ##r matio n via a BT ##R FS _ IO C _ C ##L ##ON ##E _ RA NG E ioctl call . [SEP]
LRP (+Pred, pos-only)[CLS] Integer overflow in the btrfs _ ioctl _ clone function in f ##s / btrfs / ioctl . c in the Linux kernel before 2 . 6 . 35 might allow local users to obtain sensitive info ##r matio n via a BT ##R FS _ IO C _ C ##L ##ON ##E _ RA NG E ioctl call . [SEP]
LIME (words)Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call.
SHAP (words)Integer overflow in the btrfs_ioctl_clone function in fs/ btrfs/ ioctl. c in the Linux kernel before 2. 6. 35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Integer overflow in the btrfs _ ioctl _ clone function in f ##s / btrfs / ioctl . c in the Linux kernel before 2 . 6 . 35 might allow local users to obtain sensitive info ##r matio n via a BT ##R FS _ IO C _ C ##L ##ON ##E _ RA NG E ioctl call . [SEP]
LRP (+Pred, pos-only)[CLS] Integer overflow in the btrfs _ ioctl _ clone function in f ##s / btrfs / ioctl . c in the Linux kernel before 2 . 6 . 35 might allow local users to obtain sensitive info ##r matio n via a BT ##R FS _ IO C _ C ##L ##ON ##E _ RA NG E ioctl call . [SEP]
LIME (words)Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call.
SHAP (words)Integer overflow in the btrfs_ioctl_clone function in fs/ btrfs/ ioctl. c in the Linux kernel before 2. 6. 35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call
#34 · cve_id CVE-2022-28166 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁In Brocade SANnav ▁version ▁before SAN ▁N 2 . 2 . 0 . 2 ▁and Brocade SAN ▁Nav ▁before ▁2 . 1 . 1 . 8 ▁the ▁implementation ▁of TLS ▁ / SSL ▁Server ▁Support s ▁the ▁Use ▁of Static ▁Key Cipher ▁ s ▁ ( s sl ▁ - static - key -c ▁ i pher s ) ▁on ▁ports ▁44 3 ▁& ▁180 82 . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8 the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082.
SHAP (words)In Brocade SANnav version before SANN2. 2. 0. 2 and Brocade SANNav before 2. 1. 1. 8 the implementation of TLS/ SSL Server Supports the Use of Static Key Ciphers ( ssl- static- key- ciphers) on ports 443 & 18082
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In Brocade SANnav version before SAN N ##2 . 2 . 0 . 2 and Brocade SAN Na ##v before 2 . 1 . 1 . 8 the implementation of TLS / SSL Server Support ##s the Use of Static Key Cipher s ( s sl - static - key -c ip hers ) on ports 44 ##3 & 1808 ##2 . [SEP]
LRP (+Pred, pos-only)[CLS] In Brocade SANnav version before SAN N ##2 . 2 . 0 . 2 and Brocade SAN Na ##v before 2 . 1 . 1 . 8 the implementation of TLS / SSL Server Support ##s the Use of Static Key Cipher s ( s sl - static - key -c ip hers ) on ports 44 ##3 & 1808 ##2 . [SEP]
LIME (words)In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8 the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082.
SHAP (words)In Brocade SANnav version before SANN2. 2. 0. 2 and Brocade SANNav before 2. 1. 1. 8 the implementation of TLS/ SSL Server Supports the Use of Static Key Ciphers ( ssl- static- key- ciphers) on ports 443 & 18082
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In Brocade SANnav version before SAN N ##2 . 2 . 0 . 2 and Brocade SAN Na ##v before 2 . 1 . 1 . 8 the implementation of TLS / SSL Server Support ##s the Use of Static Key Cipher s ( s sl - static - key -c ip hers ) on ports 44 ##3 & 1808 ##2 . [SEP]
LRP (+Pred, pos-only)[CLS] In Brocade SANnav version before SAN N ##2 . 2 . 0 . 2 and Brocade SAN Na ##v before 2 . 1 . 1 . 8 the implementation of TLS / SSL Server Support ##s the Use of Static Key Cipher s ( s sl - static - key -c ip hers ) on ports 44 ##3 & 1808 ##2 . [SEP]
LIME (words)In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8 the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082.
SHAP (words)In Brocade SANnav version before SANN2. 2. 0. 2 and Brocade SANNav before 2. 1. 1. 8 the implementation of TLS/ SSL Server Supports the Use of Static Key Ciphers ( ssl- static- key- ciphers) on ports 443 & 18082
#35 · cve_id CVE-2021-21938 · ui
GT=REQUIRED (1)
xlnet · Pred=NONE (0) · p=0.92 FN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁A heap-based ▁buffer overflow ▁vulnerability ▁exists ▁in ▁the ▁Pal ette ▁box parser ▁functionality ▁of Accusoft ImageGear ▁19 . 10 . ▁A specially-crafted ▁file ▁can ▁lead ▁to ▁code ▁execution . ▁An ▁attacker ▁can ▁provide ▁a malicious ▁file ▁to ▁trigger ▁this ▁vulnerability . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)A heap-based buffer overflow vulnerability exists in the Palette box parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
SHAP (words)A heap- based buffer overflow vulnerability exists in the Palette box parser functionality of Accusoft ImageGear 19. 10. A specially- crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability
lrp-bert · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A heap-based buffer overflow vulnerability exists in the Pa ##lette box parser functionality of Accusoft ImageGear 19 . 10 . A specially-crafted file can lead to code exec u ##tion . An attacker can provide a malicious file to trigger this vulnerability . [SEP]
LRP (+Pred, pos-only)[CLS] A heap-based buffer overflow vulnerability exists in the Pa ##lette box parser functionality of Accusoft ImageGear 19 . 10 . A specially-crafted file can lead to code exec u ##tion . An attacker can provide a malicious file to trigger this vulnerability . [SEP]
LIME (words)A heap-based buffer overflow vulnerability exists in the Palette box parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
SHAP (words)A heap- based buffer overflow vulnerability exists in the Palette box parser functionality of Accusoft ImageGear 19. 10. A specially- crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability
lrp-distilbert · Pred=NONE (0) · p=0.99 FN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A heap-based buffer overflow vulnerability exists in the Pa ##lette box parser functionality of Accusoft ImageGear 19 . 10 . A specially-crafted file can lead to code exec u ##tion . An attacker can provide a malicious file to trigger this vulnerability . [SEP]
LRP (+Pred, pos-only)[CLS] A heap-based buffer overflow vulnerability exists in the Pa ##lette box parser functionality of Accusoft ImageGear 19 . 10 . A specially-crafted file can lead to code exec u ##tion . An attacker can provide a malicious file to trigger this vulnerability . [SEP]
LIME (words)A heap-based buffer overflow vulnerability exists in the Palette box parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
SHAP (words)A heap- based buffer overflow vulnerability exists in the Palette box parser functionality of Accusoft ImageGear 19. 10. A specially- crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability
#36 · cve_id CVE-2023-49794 · ui
GT=REQUIRED (1)
xlnet · Pred=NONE (0) · p=1.00 FN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Kernel ▁ SU ▁is ▁a Kernel ▁ - based ▁root ▁solution ▁for ▁Android ▁devices . ▁In ▁versions ▁0 . 7 . 1 ▁and ▁prior ▁the ▁logic ▁of ▁get apk ▁path ▁in Kernel ▁ SU ▁kernel ▁module ▁can ▁be bypassed ▁which ▁causes ▁any malicious apk ▁named ▁` me . wei shu . kernels ▁ u ` ▁get ▁root ▁per mi ssi ▁on . ▁If ▁a Kernel ▁ SU ▁module ▁installed ▁device ▁try ▁to ▁install ▁any ▁not ▁checked apk ▁which ▁package ▁name ▁equal ▁to ▁the ▁official Kernel ▁ SU Manage ▁ r ▁it ▁can ▁take ▁over ▁root ▁privileges ▁on ▁the ▁device . ▁As ▁of ▁time ▁of ▁publication ▁a patched ▁version ▁is ▁not ▁available . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)KernelSU is a Kernel-based root solution for Android devices. In versions 0.7.1 and prior the logic of get apk path in KernelSU kernel module can be bypassed which causes any malicious apk named `me.weishu.kernelsu` get root permission. If a KernelSU module installed device try to install any not checked apk which package name equal to the official KernelSU Manager it can take over root privileges on the device. As of time of publication a patched version is not available.
SHAP (words)KernelSU is a Kernel- based root solution for Android devices. In versions 0. 7. 1 and prior the logic of get apk path in KernelSU kernel module can be bypassed which causes any malicious apk named ` me. weishu. kernelsu` get root permission. If a KernelSU module installed device try to install any not checked apk which package name equal to the official KernelSU Manager it can take over root privileges on the device. As of time of publication a patched version is not available
lrp-bert · Pred=NONE (0) · p=0.99 FN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Kernel S ##U is a Kernel - based root solution for Android dev ice ##s . In versions 0 . 7 . 1 and prior the logic of get apk path in Kernel S ##U kernel mod ul ##e can be bypassed which causes any malicious apk named ` me . we ##ish ##u . kernels u ` get root per ##mi ssi on . If a Kernel S ##U mod ul ##e installed dev ice try to install any not checked apk which package name equal to the official Kernel S ##U Manage r it can take over root privileges on the dev ice . As of time of publication a patched version is not available . [SEP]
LRP (+Pred, pos-only)[CLS] Kernel S ##U is a Kernel - based root solution for Android dev ice ##s . In versions 0 . 7 . 1 and prior the logic of get apk path in Kernel S ##U kernel mod ul ##e can be bypassed which causes any malicious apk named ` me . we ##ish ##u . kernels u ` get root per ##mi ssi on . If a Kernel S ##U mod ul ##e installed dev ice try to install any not checked apk which package name equal to the official Kernel S ##U Manage r it can take over root privileges on the dev ice . As of time of publication a patched version is not available . [SEP]
LIME (words)KernelSU is a Kernel-based root solution for Android devices. In versions 0.7.1 and prior the logic of get apk path in KernelSU kernel module can be bypassed which causes any malicious apk named `me.weishu.kernelsu` get root permission. If a KernelSU module installed device try to install any not checked apk which package name equal to the official KernelSU Manager it can take over root privileges on the device. As of time of publication a patched version is not available.
SHAP (words)KernelSU is a Kernel- based root solution for Android devices. In versions 0. 7. 1 and prior the logic of get apk path in KernelSU kernel module can be bypassed which causes any malicious apk named ` me. weishu. kernelsu` get root permission. If a KernelSU module installed device try to install any not checked apk which package name equal to the official KernelSU Manager it can take over root privileges on the device. As of time of publication a patched version is not available
lrp-distilbert · Pred=NONE (0) · p=1.00 FN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Kernel S ##U is a Kernel - based root solution for Android dev ice ##s . In versions 0 . 7 . 1 and prior the logic of get apk path in Kernel S ##U kernel mod ul ##e can be bypassed which causes any malicious apk named ` me . we ##ish ##u . kernels u ` get root per ##mi ssi on . If a Kernel S ##U mod ul ##e installed dev ice try to install any not checked apk which package name equal to the official Kernel S ##U Manage r it can take over root privileges on the dev ice . As of time of publication a patched version is not available . [SEP]
LRP (+Pred, pos-only)[CLS] Kernel S ##U is a Kernel - based root solution for Android dev ice ##s . In versions 0 . 7 . 1 and prior the logic of get apk path in Kernel S ##U kernel mod ul ##e can be bypassed which causes any malicious apk named ` me . we ##ish ##u . kernels u ` get root per ##mi ssi on . If a Kernel S ##U mod ul ##e installed dev ice try to install any not checked apk which package name equal to the official Kernel S ##U Manage r it can take over root privileges on the dev ice . As of time of publication a patched version is not available . [SEP]
LIME (words)KernelSU is a Kernel-based root solution for Android devices. In versions 0.7.1 and prior the logic of get apk path in KernelSU kernel module can be bypassed which causes any malicious apk named `me.weishu.kernelsu` get root permission. If a KernelSU module installed device try to install any not checked apk which package name equal to the official KernelSU Manager it can take over root privileges on the device. As of time of publication a patched version is not available.
SHAP (words)KernelSU is a Kernel- based root solution for Android devices. In versions 0. 7. 1 and prior the logic of get apk path in KernelSU kernel module can be bypassed which causes any malicious apk named ` me. weishu. kernelsu` get root permission. If a KernelSU module installed device try to install any not checked apk which package name equal to the official KernelSU Manager it can take over root privileges on the device. As of time of publication a patched version is not available
#37 · cve_id CVE-2023-39369 · ui
GT=REQUIRED (1)
xlnet · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁Star T r init ▁ y ▁Soft s witch ▁version ▁20 23 - 02 - 16 ▁ - ▁Multiple Reflected XSS ▁ ( C WE - 79 ) <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)StarTrinity Softswitch version 2023-02-16 - Multiple Reflected XSS (CWE-79)
SHAP (words)StarTrinity Softswitch version 2023- 02- 16 - Multiple Reflected XSS ( CWE- 79
lrp-bert · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] S tar T ##r init y Soft ##s ##witch version 202 ##3 - 02 - 16 - Mu ##lt ip le Reflected XSS ( CW ##E - 79 ) [SEP]
LRP (+Pred, pos-only)[CLS] S tar T ##r init y Soft ##s ##witch version 202 ##3 - 02 - 16 - Mu ##lt ip le Reflected XSS ( CW ##E - 79 ) [SEP]
LIME (words)StarTrinity Softswitch version 2023-02-16 - Multiple Reflected XSS (CWE-79)
SHAP (words)StarTrinity Softswitch version 2023- 02- 16 - Multiple Reflected XSS ( CWE- 79
lrp-distilbert · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] S tar T ##r init y Soft ##s ##witch version 202 ##3 - 02 - 16 - Mu ##lt ip le Reflected XSS ( CW ##E - 79 ) [SEP]
LRP (+Pred, pos-only)[CLS] S tar T ##r init y Soft ##s ##witch version 202 ##3 - 02 - 16 - Mu ##lt ip le Reflected XSS ( CW ##E - 79 ) [SEP]
LIME (words)StarTrinity Softswitch version 2023-02-16 - Multiple Reflected XSS (CWE-79)
SHAP (words)StarTrinity Softswitch version 2023- 02- 16 - Multiple Reflected XSS ( CWE- 79
#38 · cve_id CVE-2023-36144 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁An authentication ▁bypass ▁in Intelbras Switch ▁ SG ▁24 04 ▁ MR ▁in firmware ▁1 . 00 . 54 ▁allows ▁an unauthenticated ▁attacker ▁to ▁download ▁the ▁backup ▁file ▁of ▁the ▁device ▁exposing ▁critical ▁in for matio ▁ n ▁about ▁the ▁device ▁configuration . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device exposing critical information about the device configuration.
SHAP (words)An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1. 00. 54 allows an unauthenticated attacker to download the backup file of the device exposing critical information about the device configuration
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An authentication bypass in Intelbras Switch S ##G 240 ##4 MR in firmware 1 . 00 . 54 allows an unauthenticated attacker to download the backup file of the dev ice exposing critical info ##r matio n about the dev ice config u ##ration . [SEP]
LRP (+Pred, pos-only)[CLS] An authentication bypass in Intelbras Switch S ##G 240 ##4 MR in firmware 1 . 00 . 54 allows an unauthenticated attacker to download the backup file of the dev ice exposing critical info ##r matio n about the dev ice config u ##ration . [SEP]
LIME (words)An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device exposing critical information about the device configuration.
SHAP (words)An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1. 00. 54 allows an unauthenticated attacker to download the backup file of the device exposing critical information about the device configuration
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An authentication bypass in Intelbras Switch S ##G 240 ##4 MR in firmware 1 . 00 . 54 allows an unauthenticated attacker to download the backup file of the dev ice exposing critical info ##r matio n about the dev ice config u ##ration . [SEP]
LRP (+Pred, pos-only)[CLS] An authentication bypass in Intelbras Switch S ##G 240 ##4 MR in firmware 1 . 00 . 54 allows an unauthenticated attacker to download the backup file of the dev ice exposing critical info ##r matio n about the dev ice config u ##ration . [SEP]
LIME (words)An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device exposing critical information about the device configuration.
SHAP (words)An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1. 00. 54 allows an unauthenticated attacker to download the backup file of the device exposing critical information about the device configuration
#39 · cve_id CVE-2020-35979 · ui
GT=REQUIRED (1)
xlnet · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁An ▁issue ▁was ▁di sc ▁over ed ▁in GPAC ▁version ▁0 . 8 . 0 ▁and ▁1 . 0 . 1 . ▁There ▁is heap-based ▁buffer overflow ▁in ▁the ▁function ▁ g p _ rt p _ builder _ do _ av c ( ) ▁in ▁ ie t f / rt p _ p ck _ mp eg 4 . c . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c.
SHAP (words)An issue was discovered in GPAC version 0. 8. 0 and 1. 0. 1. There is heap- based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/ rtp_pck_mpeg4. c
lrp-bert · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An issue was di sc over ##ed in GPAC version 0 . 8 . 0 and 1 . 0 . 1 . There is heap-based buffer overflow in the function g ##p _ r ##t ##p _ builder _ do _ a ##v ##c ( ) in i ##et ##f / r ##t ##p _ p ##ck _ m ##pe ##g ##4 . c . [SEP]
LRP (+Pred, pos-only)[CLS] An issue was di sc over ##ed in GPAC version 0 . 8 . 0 and 1 . 0 . 1 . There is heap-based buffer overflow in the function g ##p _ r ##t ##p _ builder _ do _ a ##v ##c ( ) in i ##et ##f / r ##t ##p _ p ##ck _ m ##pe ##g ##4 . c . [SEP]
LIME (words)An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c.
SHAP (words)An issue was discovered in GPAC version 0. 8. 0 and 1. 0. 1. There is heap- based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/ rtp_pck_mpeg4. c
lrp-distilbert · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An issue was di sc over ##ed in GPAC version 0 . 8 . 0 and 1 . 0 . 1 . There is heap-based buffer overflow in the function g ##p _ r ##t ##p _ builder _ do _ a ##v ##c ( ) in i ##et ##f / r ##t ##p _ p ##ck _ m ##pe ##g ##4 . c . [SEP]
LRP (+Pred, pos-only)[CLS] An issue was di sc over ##ed in GPAC version 0 . 8 . 0 and 1 . 0 . 1 . There is heap-based buffer overflow in the function g ##p _ r ##t ##p _ builder _ do _ a ##v ##c ( ) in i ##et ##f / r ##t ##p _ p ##ck _ m ##pe ##g ##4 . c . [SEP]
LIME (words)An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c.
SHAP (words)An issue was discovered in GPAC version 0. 8. 0 and 1. 0. 1. There is heap- based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/ rtp_pck_mpeg4. c
#40 · cve_id CVE-2021-41292 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁ ECO A BAS ▁controller ▁suffers ▁from ▁an authentication ▁bypass ▁vulnerability . ▁An unauthenticated ▁attacker ▁through ▁cookie ▁poisoning ▁can ▁remotely ▁bypass authentication ▁and disclose ▁sensitive ▁in for matio ▁ n ▁and circumvent ▁physical ▁access ▁controls ▁in ▁smart ▁homes ▁and ▁buildings ▁and ▁manipulate ▁H VA C . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive information and circumvent physical access controls in smart homes and buildings and manipulate HVAC.
SHAP (words)ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive information and circumvent physical access controls in smart homes and buildings and manipulate HVAC
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] EC OA BAS controller suffers from an authentication bypass vulnerability . An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive info ##r matio n and circumvent physical access controls in smart homes and buildings and man ip ul ##ate H ##VA ##C . [SEP]
LRP (+Pred, pos-only)[CLS] EC OA BAS controller suffers from an authentication bypass vulnerability . An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive info ##r matio n and circumvent physical access controls in smart homes and buildings and man ip ul ##ate H ##VA ##C . [SEP]
LIME (words)ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive information and circumvent physical access controls in smart homes and buildings and manipulate HVAC.
SHAP (words)ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive information and circumvent physical access controls in smart homes and buildings and manipulate HVAC
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] EC OA BAS controller suffers from an authentication bypass vulnerability . An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive info ##r matio n and circumvent physical access controls in smart homes and buildings and man ip ul ##ate H ##VA ##C . [SEP]
LRP (+Pred, pos-only)[CLS] EC OA BAS controller suffers from an authentication bypass vulnerability . An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive info ##r matio n and circumvent physical access controls in smart homes and buildings and man ip ul ##ate H ##VA ##C . [SEP]
LIME (words)ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive information and circumvent physical access controls in smart homes and buildings and manipulate HVAC.
SHAP (words)ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive information and circumvent physical access controls in smart homes and buildings and manipulate HVAC
#41 · cve_id CVE-2020-5599 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)TCP ▁ / IP ▁function ▁included ▁in ▁the firmware ▁of ▁Mitsubishi ▁Electric GOT ▁2000 ▁series ▁ ( CoreOS ▁with ▁version ▁ - Y ▁and ▁earlier ▁installed ▁in ▁ GT 27 ▁Model ▁ GT 25 ▁Model ▁and ▁ GT 23 ▁Model ) ▁contains ▁an improper neutralization ▁of ▁argument delimiters ▁in ▁a ▁command ▁ ( ' Argument Injection ▁ ' ) ▁vulnerability ▁which ▁may ▁allow ▁a ▁remote ▁attacker ▁to ▁stop ▁the ▁network ▁functions ▁of ▁the ▁products ▁or ▁execute ▁a malicious ▁program ▁via ▁a spec ▁ i ally ▁crafted ▁packet . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model GT25 Model and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
SHAP (words)TCP/ IP function included in the firmware of Mitsubishi Electric GOT2000 series ( CoreOS with version - Y and earlier installed in GT27 Model GT25 Model and GT23 Model) contains an improper neutralization of argument delimiters in a command (' Argument Injection') vulnerability which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] TCP / IP function included in the firmware of Mitsubishi Electric GOT 2000 series ( CoreOS with version - Y and earlier installed in GT ##27 Model GT ##25 Model and GT ##23 Model ) contains an improper neutralization of argument delimiters in a command ( ' Argument Injection ' ) vulnerability which may allow a remote attacker to stop the network functions of the products or exec u ##te a malicious program via a spec i ##ally crafted packet . [SEP]
LRP (+Pred, pos-only)[CLS] TCP / IP function included in the firmware of Mitsubishi Electric GOT 2000 series ( CoreOS with version - Y and earlier installed in GT ##27 Model GT ##25 Model and GT ##23 Model ) contains an improper neutralization of argument delimiters in a command ( ' Argument Injection ' ) vulnerability which may allow a remote attacker to stop the network functions of the products or exec u ##te a malicious program via a spec i ##ally crafted packet . [SEP]
LIME (words)TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model GT25 Model and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
SHAP (words)TCP/ IP function included in the firmware of Mitsubishi Electric GOT2000 series ( CoreOS with version - Y and earlier installed in GT27 Model GT25 Model and GT23 Model) contains an improper neutralization of argument delimiters in a command (' Argument Injection') vulnerability which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] TCP / IP function included in the firmware of Mitsubishi Electric GOT 2000 series ( CoreOS with version - Y and earlier installed in GT ##27 Model GT ##25 Model and GT ##23 Model ) contains an improper neutralization of argument delimiters in a command ( ' Argument Injection ' ) vulnerability which may allow a remote attacker to stop the network functions of the products or exec u ##te a malicious program via a spec i ##ally crafted packet . [SEP]
LRP (+Pred, pos-only)[CLS] TCP / IP function included in the firmware of Mitsubishi Electric GOT 2000 series ( CoreOS with version - Y and earlier installed in GT ##27 Model GT ##25 Model and GT ##23 Model ) contains an improper neutralization of argument delimiters in a command ( ' Argument Injection ' ) vulnerability which may allow a remote attacker to stop the network functions of the products or exec u ##te a malicious program via a spec i ##ally crafted packet . [SEP]
LIME (words)TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model GT25 Model and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
SHAP (words)TCP/ IP function included in the firmware of Mitsubishi Electric GOT2000 series ( CoreOS with version - Y and earlier installed in GT27 Model GT25 Model and GT23 Model) contains an improper neutralization of argument delimiters in a command (' Argument Injection') vulnerability which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet
#42 · cve_id CVE-2020-23582 · ui
GT=REQUIRED (1)
xlnet · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁A ▁vulnerability ▁in ▁the ▁ " / admin ▁ / wl multi ple ap . a sp " ▁of ▁opt i link ▁ OP - X T 7 1000 N ▁version : ▁V 2 . 2 ▁could ▁allow ▁an unauthenticated ▁remote ▁attacker ▁to ▁conduct ▁a cross-site ▁request forgery ▁ ( CSRF ▁ ) ▁attack ▁to ▁create ▁Multiple WLAN BSS ▁ID . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)A vulnerability in the "/admin/wlmultipleap.asp" of optilink OP-XT71000N version: V2.2 could allow an unauthenticated remote attacker to conduct a cross-site request forgery (CSRF) attack to create Multiple WLAN BSSID.
SHAP (words)A vulnerability in the "/ admin/ wlmultipleap. asp" of optilink OP- XT71000N version: V2. 2 could allow an unauthenticated remote attacker to conduct a cross- site request forgery ( CSRF) attack to create Multiple WLAN BSSID
lrp-bert · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A vulnerability in the " / admin / w ##lm ##ult ip leap . as ##p " of op ##til ##ink O ##P - X ##T ##7 ##100 ##0 ##N version : V ##2 . 2 could allow an unauthenticated remote attacker to conduct a cross-site request forgery ( CSRF ) attack to create Mu ##lt ip le WLAN BSS ID . [SEP]
LRP (+Pred, pos-only)[CLS] A vulnerability in the " / admin / w ##lm ##ult ip leap . as ##p " of op ##til ##ink O ##P - X ##T ##7 ##100 ##0 ##N version : V ##2 . 2 could allow an unauthenticated remote attacker to conduct a cross-site request forgery ( CSRF ) attack to create Mu ##lt ip le WLAN BSS ID . [SEP]
LIME (words)A vulnerability in the "/admin/wlmultipleap.asp" of optilink OP-XT71000N version: V2.2 could allow an unauthenticated remote attacker to conduct a cross-site request forgery (CSRF) attack to create Multiple WLAN BSSID.
SHAP (words)A vulnerability in the "/ admin/ wlmultipleap. asp" of optilink OP- XT71000N version: V2. 2 could allow an unauthenticated remote attacker to conduct a cross- site request forgery ( CSRF) attack to create Multiple WLAN BSSID
lrp-distilbert · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A vulnerability in the " / admin / w ##lm ##ult ip leap . as ##p " of op ##til ##ink O ##P - X ##T ##7 ##100 ##0 ##N version : V ##2 . 2 could allow an unauthenticated remote attacker to conduct a cross-site request forgery ( CSRF ) attack to create Mu ##lt ip le WLAN BSS ID . [SEP]
LRP (+Pred, pos-only)[CLS] A vulnerability in the " / admin / w ##lm ##ult ip leap . as ##p " of op ##til ##ink O ##P - X ##T ##7 ##100 ##0 ##N version : V ##2 . 2 could allow an unauthenticated remote attacker to conduct a cross-site request forgery ( CSRF ) attack to create Mu ##lt ip le WLAN BSS ID . [SEP]
LIME (words)A vulnerability in the "/admin/wlmultipleap.asp" of optilink OP-XT71000N version: V2.2 could allow an unauthenticated remote attacker to conduct a cross-site request forgery (CSRF) attack to create Multiple WLAN BSSID.
SHAP (words)A vulnerability in the "/ admin/ wlmultipleap. asp" of optilink OP- XT71000N version: V2. 2 could allow an unauthenticated remote attacker to conduct a cross- site request forgery ( CSRF) attack to create Multiple WLAN BSSID
#43 · cve_id CVE-2022-3058 · ui
GT=REQUIRED (1)
xlnet · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁Use ▁after ▁free ▁in ▁Sign - In ▁Flow ▁in ▁Google Chrome ▁prior ▁to ▁105 . 0 . 51 95 . 52 ▁allowed ▁a ▁remote ▁attacker ▁who ▁convinced ▁a ▁user ▁to ▁engage ▁in spec ▁ ific UI ▁interactions ▁to ▁potentially ▁exploit ▁heap ▁corruption ▁via ▁crafted UI ▁interaction . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.
SHAP (words)Use after free in Sign- In Flow in Google Chrome prior to 105. 0. 5195. 52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction
lrp-bert · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Use after free in Sign - In Flow in Google Chrome prior to 105 . 0 . 51 ##9 ##5 . 52 allowed a remote attacker who convinced a user to engage in spec if ##ic UI int era ##ctions to potentially exploit heap corruption via crafted UI int era ##ction . [SEP]
LRP (+Pred, pos-only)[CLS] Use after free in Sign - In Flow in Google Chrome prior to 105 . 0 . 51 ##9 ##5 . 52 allowed a remote attacker who convinced a user to engage in spec if ##ic UI int era ##ctions to potentially exploit heap corruption via crafted UI int era ##ction . [SEP]
LIME (words)Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.
SHAP (words)Use after free in Sign- In Flow in Google Chrome prior to 105. 0. 5195. 52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction
lrp-distilbert · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Use after free in Sign - In Flow in Google Chrome prior to 105 . 0 . 51 ##9 ##5 . 52 allowed a remote attacker who convinced a user to engage in spec if ##ic UI int era ##ctions to potentially exploit heap corruption via crafted UI int era ##ction . [SEP]
LRP (+Pred, pos-only)[CLS] Use after free in Sign - In Flow in Google Chrome prior to 105 . 0 . 51 ##9 ##5 . 52 allowed a remote attacker who convinced a user to engage in spec if ##ic UI int era ##ctions to potentially exploit heap corruption via crafted UI int era ##ction . [SEP]
LIME (words)Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.
SHAP (words)Use after free in Sign- In Flow in Google Chrome prior to 105. 0. 5195. 52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction
#44 · cve_id CVE-2020-16201 · ui
GT=REQUIRED (1)
xlnet · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁Delta ▁Industrial Automation CNCSoft ScreenEditor Versions ▁1 . 01 . 23 ▁and ▁prior . ▁Multiple out-of-bounds ▁read vulnerabilities ▁may ▁be ▁exploited ▁by ▁pro ce ssi ▁ ng spec ▁ i ally ▁crafted ▁project ▁files ▁which ▁may ▁allow ▁an ▁attacker ▁to ▁read ▁in for matio ▁ n . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.23 and prior. Multiple out-of-bounds read vulnerabilities may be exploited by processing specially crafted project files which may allow an attacker to read information.
SHAP (words)Delta Industrial Automation CNCSoft ScreenEditor Versions 1. 01. 23 and prior. Multiple out- of- bounds read vulnerabilities may be exploited by processing specially crafted project files which may allow an attacker to read information
lrp-bert · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Delta Industrial Automation CNCSoft ScreenEditor Versions 1 . 01 . 23 and prior . Mu ##lt ip le out-of-bounds read vulnerabilities may be ex ##p ##lo ite d by pro ##ce ssi ng spec i ##ally crafted project files which may allow an attacker to read info ##r matio n . [SEP]
LRP (+Pred, pos-only)[CLS] Delta Industrial Automation CNCSoft ScreenEditor Versions 1 . 01 . 23 and prior . Mu ##lt ip le out-of-bounds read vulnerabilities may be ex ##p ##lo ite d by pro ##ce ssi ng spec i ##ally crafted project files which may allow an attacker to read info ##r matio n . [SEP]
LIME (words)Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.23 and prior. Multiple out-of-bounds read vulnerabilities may be exploited by processing specially crafted project files which may allow an attacker to read information.
SHAP (words)Delta Industrial Automation CNCSoft ScreenEditor Versions 1. 01. 23 and prior. Multiple out- of- bounds read vulnerabilities may be exploited by processing specially crafted project files which may allow an attacker to read information
lrp-distilbert · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Delta Industrial Automation CNCSoft ScreenEditor Versions 1 . 01 . 23 and prior . Mu ##lt ip le out-of-bounds read vulnerabilities may be ex ##p ##lo ite d by pro ##ce ssi ng spec i ##ally crafted project files which may allow an attacker to read info ##r matio n . [SEP]
LRP (+Pred, pos-only)[CLS] Delta Industrial Automation CNCSoft ScreenEditor Versions 1 . 01 . 23 and prior . Mu ##lt ip le out-of-bounds read vulnerabilities may be ex ##p ##lo ite d by pro ##ce ssi ng spec i ##ally crafted project files which may allow an attacker to read info ##r matio n . [SEP]
LIME (words)Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.23 and prior. Multiple out-of-bounds read vulnerabilities may be exploited by processing specially crafted project files which may allow an attacker to read information.
SHAP (words)Delta Industrial Automation CNCSoft ScreenEditor Versions 1. 01. 23 and prior. Multiple out- of- bounds read vulnerabilities may be exploited by processing specially crafted project files which may allow an attacker to read information
#45 · cve_id CVE-2021-44096 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁ EG avi lan ▁Media User ▁ - Registration ▁ - and - Login ▁ - System - With - Admin ▁ - Pan el ▁1 . 0 ▁is ▁vulnerable ▁to ▁ SQL Injection ▁via ▁profile _ action ▁ - ▁update _ user . ▁This ▁allows ▁a ▁remote ▁attacker ▁to ▁compromise ▁Application ▁ SQL ▁database . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profile_action - update_user. This allows a remote attacker to compromise Application SQL database.
SHAP (words)EGavilan Media User- Registration- and- Login- System- With- Admin- Panel 1. 0 is vulnerable to SQL Injection via profile_action - update_user. This allows a remote attacker to compromise Application SQL database
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] E ##G ##avi ##lan Media User - Registration - and - Login - System - With - Admin - Panel 1 . 0 is vulnerable to SQL Injection via profile _ action - update _ user . This allows a remote attacker to compromise App l ##ica ##tion SQL da tab as ##e . [SEP]
LRP (+Pred, pos-only)[CLS] E ##G ##avi ##lan Media User - Registration - and - Login - System - With - Admin - Panel 1 . 0 is vulnerable to SQL Injection via profile _ action - update _ user . This allows a remote attacker to compromise App l ##ica ##tion SQL da tab as ##e . [SEP]
LIME (words)EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profile_action - update_user. This allows a remote attacker to compromise Application SQL database.
SHAP (words)EGavilan Media User- Registration- and- Login- System- With- Admin- Panel 1. 0 is vulnerable to SQL Injection via profile_action - update_user. This allows a remote attacker to compromise Application SQL database
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] E ##G ##avi ##lan Media User - Registration - and - Login - System - With - Admin - Panel 1 . 0 is vulnerable to SQL Injection via profile _ action - update _ user . This allows a remote attacker to compromise App l ##ica ##tion SQL da tab as ##e . [SEP]
LRP (+Pred, pos-only)[CLS] E ##G ##avi ##lan Media User - Registration - and - Login - System - With - Admin - Panel 1 . 0 is vulnerable to SQL Injection via profile _ action - update _ user . This allows a remote attacker to compromise App l ##ica ##tion SQL da tab as ##e . [SEP]
LIME (words)EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profile_action - update_user. This allows a remote attacker to compromise Application SQL database.
SHAP (words)EGavilan Media User- Registration- and- Login- System- With- Admin- Panel 1. 0 is vulnerable to SQL Injection via profile_action - update_user. This allows a remote attacker to compromise Application SQL database
#46 · cve_id CVE-2017-2999 · ui
GT=REQUIRED (1)
xlnet · Pred=REQUIRED (1) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁Adobe ▁Flash ▁Player ▁versions ▁24 . 0 . 0 . 221 ▁and ▁earlier ▁have ▁an exploitable ▁memory ▁corruption ▁vulnerability ▁in ▁the Primetime ▁TV SDK ▁functionality ▁related ▁to ▁hosting ▁playback ▁surface . Successful ▁exploitation ▁could ▁lead ▁to ▁arbitrary ▁code ▁execution . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK functionality related to hosting playback surface. Successful exploitation could lead to arbitrary code execution.
SHAP (words)Adobe Flash Player versions 24. 0. 0. 221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK functionality related to hosting playback surface. Successful exploitation could lead to arbitrary code execution
lrp-bert · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Adobe Flash Player versions 24 . 0 . 0 . 221 and earlier have an exploitable memory corruption vulnerability in the Primetime TV SDK functionality related to hosting playback surface . Successful exploitation could lead to arbitrary code exec u ##tion . [SEP]
LRP (+Pred, pos-only)[CLS] Adobe Flash Player versions 24 . 0 . 0 . 221 and earlier have an exploitable memory corruption vulnerability in the Primetime TV SDK functionality related to hosting playback surface . Successful exploitation could lead to arbitrary code exec u ##tion . [SEP]
LIME (words)Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK functionality related to hosting playback surface. Successful exploitation could lead to arbitrary code execution.
SHAP (words)Adobe Flash Player versions 24. 0. 0. 221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK functionality related to hosting playback surface. Successful exploitation could lead to arbitrary code execution
lrp-distilbert · Pred=REQUIRED (1) · p=0.97 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Adobe Flash Player versions 24 . 0 . 0 . 221 and earlier have an exploitable memory corruption vulnerability in the Primetime TV SDK functionality related to hosting playback surface . Successful exploitation could lead to arbitrary code exec u ##tion . [SEP]
LRP (+Pred, pos-only)[CLS] Adobe Flash Player versions 24 . 0 . 0 . 221 and earlier have an exploitable memory corruption vulnerability in the Primetime TV SDK functionality related to hosting playback surface . Successful exploitation could lead to arbitrary code exec u ##tion . [SEP]
LIME (words)Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK functionality related to hosting playback surface. Successful exploitation could lead to arbitrary code execution.
SHAP (words)Adobe Flash Player versions 24. 0. 0. 221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK functionality related to hosting playback surface. Successful exploitation could lead to arbitrary code execution
#47 · cve_id CVE-2019-13311 · ui
GT=REQUIRED (1)
xlnet · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)ImageMagick ▁7 . 0 . 8 - 50 ▁Q 16 ▁has ▁memory leaks ▁at AcquireMagickMemory ▁because ▁of ▁a ▁ wan d / mo gr ify . c err ▁or . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.
SHAP (words)ImageMagick 7. 0. 8- 50 Q16 has memory leaks at AcquireMagickMemory because of a wand/ mogrify. c error
lrp-bert · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] ImageMagick 7 . 0 . 8 - 50 Q ##16 has memory leaks at AcquireMagickMemory because of a wa ##nd / m ##og ##ri ##fy . c err or . [SEP]
LRP (+Pred, pos-only)[CLS] ImageMagick 7 . 0 . 8 - 50 Q ##16 has memory leaks at AcquireMagickMemory because of a wa ##nd / m ##og ##ri ##fy . c err or . [SEP]
LIME (words)ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.
SHAP (words)ImageMagick 7. 0. 8- 50 Q16 has memory leaks at AcquireMagickMemory because of a wand/ mogrify. c error
lrp-distilbert · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] ImageMagick 7 . 0 . 8 - 50 Q ##16 has memory leaks at AcquireMagickMemory because of a wa ##nd / m ##og ##ri ##fy . c err or . [SEP]
LRP (+Pred, pos-only)[CLS] ImageMagick 7 . 0 . 8 - 50 Q ##16 has memory leaks at AcquireMagickMemory because of a wa ##nd / m ##og ##ri ##fy . c err or . [SEP]
LIME (words)ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.
SHAP (words)ImageMagick 7. 0. 8- 50 Q16 has memory leaks at AcquireMagickMemory because of a wand/ mogrify. c error
#48 · cve_id CVE-2023-33020 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁Trans ient ▁DO S ▁in WLAN ▁Host ▁when ▁an ▁invalid ▁channel ▁ ( like ▁channel ▁out ▁of ▁range ) ▁is ▁received ▁in ▁ STA ▁during ▁ CSA ▁ IE . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.
SHAP (words)Transient DOS in WLAN Host when an invalid channel ( like channel out of range) is received in STA during CSA IE
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Trans ##ient DOS in WLAN Host when an invalid channel ( like channel out of range ) is received in S TA d uri ng CS ##A IE . [SEP]
LRP (+Pred, pos-only)[CLS] Trans ##ient DOS in WLAN Host when an invalid channel ( like channel out of range ) is received in S TA d uri ng CS ##A IE . [SEP]
LIME (words)Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.
SHAP (words)Transient DOS in WLAN Host when an invalid channel ( like channel out of range) is received in STA during CSA IE
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Trans ##ient DOS in WLAN Host when an invalid channel ( like channel out of range ) is received in S TA d uri ng CS ##A IE . [SEP]
LRP (+Pred, pos-only)[CLS] Trans ##ient DOS in WLAN Host when an invalid channel ( like channel out of range ) is received in S TA d uri ng CS ##A IE . [SEP]
LIME (words)Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.
SHAP (words)Transient DOS in WLAN Host when an invalid channel ( like channel out of range) is received in STA during CSA IE
#49 · cve_id CVE-2022-45085 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Server-Side Request Forgery ▁ ( SSRF ▁ ) ▁vulnerability ▁in ▁Group ▁Ar ge ▁Energy ▁and ▁Control ▁Systems ▁Smart power ▁Web ▁allows ▁ : ▁Server ▁Side Request Forgery ▁ . This ▁issue ▁affects ▁Smart power ▁Web : ▁before ▁23 . 01 . 01 . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Server-Side Request Forgery (SSRF) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows : Server Side Request Forgery.This issue affects Smartpower Web: before 23.01.01.
SHAP (words)Server- Side Request Forgery ( SSRF) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows : Server Side Request Forgery. This issue affects Smartpower Web: before 23. 01. 01
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Server-Side Request Forgery ( SSRF ) vulnerability in Group A ##rge Energy and Control Systems Smart ##power Web allows : Server Side Request Forgery . This issue affects Smart ##power Web : before 23 . 01 . 01 . [SEP]
LRP (+Pred, pos-only)[CLS] Server-Side Request Forgery ( SSRF ) vulnerability in Group A ##rge Energy and Control Systems Smart ##power Web allows : Server Side Request Forgery . This issue affects Smart ##power Web : before 23 . 01 . 01 . [SEP]
LIME (words)Server-Side Request Forgery (SSRF) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows : Server Side Request Forgery.This issue affects Smartpower Web: before 23.01.01.
SHAP (words)Server- Side Request Forgery ( SSRF) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows : Server Side Request Forgery. This issue affects Smartpower Web: before 23. 01. 01
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Server-Side Request Forgery ( SSRF ) vulnerability in Group A ##rge Energy and Control Systems Smart ##power Web allows : Server Side Request Forgery . This issue affects Smart ##power Web : before 23 . 01 . 01 . [SEP]
LRP (+Pred, pos-only)[CLS] Server-Side Request Forgery ( SSRF ) vulnerability in Group A ##rge Energy and Control Systems Smart ##power Web allows : Server Side Request Forgery . This issue affects Smart ##power Web : before 23 . 01 . 01 . [SEP]
LIME (words)Server-Side Request Forgery (SSRF) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows : Server Side Request Forgery.This issue affects Smartpower Web: before 23.01.01.
SHAP (words)Server- Side Request Forgery ( SSRF) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows : Server Side Request Forgery. This issue affects Smartpower Web: before 23. 01. 01
#50 · cve_id CVE-2023-20829 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁In ▁ g ps ▁there ▁is ▁a ▁po ssi ▁ ble ▁out ▁of ▁bound s ▁write ▁due ▁to ▁a ▁mi ssi ▁ ng ▁bound s ▁check . ▁This ▁could ▁lead ▁to ▁local escalation ▁of ▁privilege ▁with ▁System ▁execution ▁privileges ▁needed . User ▁interaction ▁is ▁not ▁needed ▁for ▁exploitation . ▁Patch ▁ID : ▁AL PS 08 01 41 44 ; ▁Issue ▁ID : ▁AL PS 08 01 41 48 . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)In gps there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014148.
SHAP (words)In gps there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014148
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In g ##ps there is a p ##o ssi b ##le out of bounds w ##r ite due to a mi ssi ng bounds check . This could lead to local escalation of privilege with System exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Patch ID : AL ##PS ##0 ##80 ##14 ##14 ##4 ; Issue ID : AL ##PS ##0 ##80 ##14 ##14 ##8 . [SEP]
LRP (+Pred, pos-only)[CLS] In g ##ps there is a p ##o ssi b ##le out of bounds w ##r ite due to a mi ssi ng bounds check . This could lead to local escalation of privilege with System exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Patch ID : AL ##PS ##0 ##80 ##14 ##14 ##4 ; Issue ID : AL ##PS ##0 ##80 ##14 ##14 ##8 . [SEP]
LIME (words)In gps there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014148.
SHAP (words)In gps there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014148
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In g ##ps there is a p ##o ssi b ##le out of bounds w ##r ite due to a mi ssi ng bounds check . This could lead to local escalation of privilege with System exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Patch ID : AL ##PS ##0 ##80 ##14 ##14 ##4 ; Issue ID : AL ##PS ##0 ##80 ##14 ##14 ##8 . [SEP]
LRP (+Pred, pos-only)[CLS] In g ##ps there is a p ##o ssi b ##le out of bounds w ##r ite due to a mi ssi ng bounds check . This could lead to local escalation of privilege with System exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Patch ID : AL ##PS ##0 ##80 ##14 ##14 ##4 ; Issue ID : AL ##PS ##0 ##80 ##14 ##14 ##8 . [SEP]
LIME (words)In gps there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014148.
SHAP (words)In gps there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014148
#51 · cve_id CVE-2022-45135 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Improper Neutralization ▁of ▁Special ▁ Element s ▁used ▁in ▁an ▁ SQL ▁Command ▁ ( ' SQL Injection ▁ ' ) ▁vulnerability ▁in ▁Apache ▁Co co on . This ▁issue ▁affects ▁Apache ▁Co co on : ▁from ▁2 . 2 . 0 ▁before ▁2 . 3 . 0 . User ▁ s ▁are ▁recommended ▁to ▁upgrade ▁to ▁version ▁2 . 3 . 0 ▁which fixes ▁the ▁issue . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0.Users are recommended to upgrade to version 2.3.0 which fixes the issue.
SHAP (words)Improper Neutralization of Special Elements used in an SQL Command (' SQL Injection') vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2. 2. 0 before 2. 3. 0. Users are recommended to upgrade to version 2. 3. 0 which fixes the issue
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Improper Neutralization of Special Element s used in an SQL Command ( ' SQL Injection ' ) vulnerability in Apache Co ##coon . This issue affects Apache Co ##coon : from 2 . 2 . 0 before 2 . 3 . 0 . User s are recommended to upgrade to version 2 . 3 . 0 which fixes the issue . [SEP]
LRP (+Pred, pos-only)[CLS] Improper Neutralization of Special Element s used in an SQL Command ( ' SQL Injection ' ) vulnerability in Apache Co ##coon . This issue affects Apache Co ##coon : from 2 . 2 . 0 before 2 . 3 . 0 . User s are recommended to upgrade to version 2 . 3 . 0 which fixes the issue . [SEP]
LIME (words)Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0.Users are recommended to upgrade to version 2.3.0 which fixes the issue.
SHAP (words)Improper Neutralization of Special Elements used in an SQL Command (' SQL Injection') vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2. 2. 0 before 2. 3. 0. Users are recommended to upgrade to version 2. 3. 0 which fixes the issue
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Improper Neutralization of Special Element s used in an SQL Command ( ' SQL Injection ' ) vulnerability in Apache Co ##coon . This issue affects Apache Co ##coon : from 2 . 2 . 0 before 2 . 3 . 0 . User s are recommended to upgrade to version 2 . 3 . 0 which fixes the issue . [SEP]
LRP (+Pred, pos-only)[CLS] Improper Neutralization of Special Element s used in an SQL Command ( ' SQL Injection ' ) vulnerability in Apache Co ##coon . This issue affects Apache Co ##coon : from 2 . 2 . 0 before 2 . 3 . 0 . User s are recommended to upgrade to version 2 . 3 . 0 which fixes the issue . [SEP]
LIME (words)Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0.Users are recommended to upgrade to version 2.3.0 which fixes the issue.
SHAP (words)Improper Neutralization of Special Elements used in an SQL Command (' SQL Injection') vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2. 2. 0 before 2. 3. 0. Users are recommended to upgrade to version 2. 3. 0 which fixes the issue
#52 · cve_id CVE-2014-6275 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁Fusion For ge ▁before ▁5 . 3 . 2 ▁use sc ▁rip t s ▁that ▁run ▁under ▁the ▁shared ▁Apache ▁user ▁which ▁is ▁also ▁used ▁by ▁project homepage ▁ s ▁by ▁default . ▁If ▁project webpage ▁ s ▁are ▁hosted ▁on ▁the ▁same ▁server ▁than ▁Fusion For ge ▁it ▁can ▁allow ▁users ▁to ▁incorrectly ▁access ▁on - dis k ▁private ▁data ▁in ▁Fusion For ge . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)FusionForge before 5.3.2 use scripts that run under the shared Apache user which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge it can allow users to incorrectly access on-disk private data in FusionForge.
SHAP (words)FusionForge before 5. 3. 2 use scripts that run under the shared Apache user which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge it can allow users to incorrectly access on- disk private data in FusionForge
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Fusion ##F ##or ##ge before 5 . 3 . 2 use sc r ip t ##s that run under the shared Apache user which is also used by project homepage s by default . If project webpage s are hosted on the same server than Fusion ##F ##or ##ge it can allow users to incorrectly access on - disk private data in Fusion ##F ##or ##ge . [SEP]
LRP (+Pred, pos-only)[CLS] Fusion ##F ##or ##ge before 5 . 3 . 2 use sc r ip t ##s that run under the shared Apache user which is also used by project homepage s by default . If project webpage s are hosted on the same server than Fusion ##F ##or ##ge it can allow users to incorrectly access on - disk private data in Fusion ##F ##or ##ge . [SEP]
LIME (words)FusionForge before 5.3.2 use scripts that run under the shared Apache user which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge it can allow users to incorrectly access on-disk private data in FusionForge.
SHAP (words)FusionForge before 5. 3. 2 use scripts that run under the shared Apache user which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge it can allow users to incorrectly access on- disk private data in FusionForge
lrp-distilbert · Pred=NONE (0) · p=0.98 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Fusion ##F ##or ##ge before 5 . 3 . 2 use sc r ip t ##s that run under the shared Apache user which is also used by project homepage s by default . If project webpage s are hosted on the same server than Fusion ##F ##or ##ge it can allow users to incorrectly access on - disk private data in Fusion ##F ##or ##ge . [SEP]
LRP (+Pred, pos-only)[CLS] Fusion ##F ##or ##ge before 5 . 3 . 2 use sc r ip t ##s that run under the shared Apache user which is also used by project homepage s by default . If project webpage s are hosted on the same server than Fusion ##F ##or ##ge it can allow users to incorrectly access on - disk private data in Fusion ##F ##or ##ge . [SEP]
LIME (words)FusionForge before 5.3.2 use scripts that run under the shared Apache user which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge it can allow users to incorrectly access on-disk private data in FusionForge.
SHAP (words)FusionForge before 5. 3. 2 use scripts that run under the shared Apache user which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge it can allow users to incorrectly access on- disk private data in FusionForge
#53 · cve_id CVE-2023-22411 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁An Out-of-Bounds Write ▁vulnerability ▁in ▁Flow Processing ▁Daemon ▁ ( flowd ▁ ) ▁of Juniper ▁Networks Junos ▁OS ▁allows ▁an unauthenticated network-based ▁attacker ▁to ▁cause Denial ▁of ▁Service ▁ ( DoS ▁ ) . ▁On SRX ▁Series ▁devices ▁using ▁Unified ▁Policies ▁with ▁IP v 6 ▁when ▁a spec ▁ ific ▁IP v 6 ▁packet ▁goes ▁through ▁a ▁dynamic - application ▁filter ▁which ▁will ▁generate ▁an ICMP ▁deny ▁message ▁the flowd ▁core ▁is ▁observed ▁and ▁the PFE ▁is restarted ▁ . ▁This ▁issue ▁affects : Juniper ▁Networks Junos ▁OS ▁on SRX ▁Series : ▁19 . 2 ▁versions ▁prior ▁to ▁19 . 2 R 3 - S 6 ; ▁19 . 3 ▁versions ▁prior ▁to ▁19 . 3 R 3 - S 6 ; ▁19 . 4 ▁versions ▁prior ▁to ▁19 . 4 R 3 - S 9 ; ▁20 . 2 ▁versions ▁prior ▁to ▁20 . 2 R 3 - S 5 ; ▁20 . 3 ▁versions ▁prior ▁to ▁20 . 3 R 3 - S 4 ; ▁20 . 4 ▁versions ▁prior ▁to ▁20 . 4 R 3 - S 3 ; ▁21 . 1 ▁versions ▁prior ▁to ▁21 . 1 R 3 ; ▁21 . 2 ▁versions ▁prior ▁to ▁21 . 2 R 3 ; ▁21 . 3 ▁versions ▁prior ▁to ▁21 . 3 R 2 ; ▁21 . 4 ▁versions ▁prior ▁to ▁21 . 4 R 2 . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)An Out-of-Bounds Write vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause Denial of Service (DoS). On SRX Series devices using Unified Policies with IPv6 when a specific IPv6 packet goes through a dynamic-application filter which will generate an ICMP deny message the flowd core is observed and the PFE is restarted. This issue affects: Juniper Networks Junos OS on SRX Series: 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2.
SHAP (words)An Out- of- Bounds Write vulnerability in Flow Processing Daemon ( flowd) of Juniper Networks Junos OS allows an unauthenticated network- based attacker to cause Denial of Service ( DoS). On SRX Series devices using Unified Policies with IPv6 when a specific IPv6 packet goes through a dynamic- application filter which will generate an ICMP deny message the flowd core is observed and the PFE is restarted. This issue affects: Juniper Networks Junos OS on SRX Series: 19. 2 versions prior to 19. 2R3- S6; 19. 3 versions prior to 19. 3R3- S6; 19. 4 versions prior to 19. 4R3- S9; 20. 2 versions prior to 20. 2R3- S5; 20. 3 versions prior to 20. 3R3- S4; 20. 4 versions prior to 20. 4R3- S3; 21. 1 versions prior to 21. 1R3; 21. 2 versions prior to 21. 2R3; 21. 3 versions prior to 21. 3R2; 21. 4 versions prior to 21. 4R2
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An Out-of-Bounds Write vulnerability in Flow Processing Daemon ( flowd ) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause Denial of Service ( DoS ) . On SRX Series dev ice ##s using Unified Pol ##ici ##es with IP ##v ##6 when a spec if ##ic IP ##v ##6 packet goes through a dynamic - application filter which will generate an ICMP deny message the flowd core is observed and the PFE is restarted . This issue affects : Juniper Networks Junos OS on SRX Series : 19 . 2 versions prior to 19 . 2 ##R ##3 - S ##6 ; 19 . 3 versions prior to 19 . 3 ##R ##3 - S ##6 ; 19 . 4 versions prior to 19 . 4 ##R ##3 - S ##9 ; 20 . 2 versions prior to 20 . 2 ##R ##3 - S ##5 ; 20 . 3 versions prior to 20 . 3 ##R ##3 - S ##4 ; 20 . 4 versions prior to 20 . 4 ##R ##3 - S ##3 ; 21 . 1 versions prior to 21 . 1 ##R ##3 ; 21 . 2 versions prior to 21 . 2 ##R ##3 ; 21 . 3 versions prior to 21 . 3 ##R ##2 ; 21 . 4 versions prior to 21 . 4 ##R ##2 . [SEP]
LRP (+Pred, pos-only)[CLS] An Out-of-Bounds Write vulnerability in Flow Processing Daemon ( flowd ) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause Denial of Service ( DoS ) . On SRX Series dev ice ##s using Unified Pol ##ici ##es with IP ##v ##6 when a spec if ##ic IP ##v ##6 packet goes through a dynamic - application filter which will generate an ICMP deny message the flowd core is observed and the PFE is restarted . This issue affects : Juniper Networks Junos OS on SRX Series : 19 . 2 versions prior to 19 . 2 ##R ##3 - S ##6 ; 19 . 3 versions prior to 19 . 3 ##R ##3 - S ##6 ; 19 . 4 versions prior to 19 . 4 ##R ##3 - S ##9 ; 20 . 2 versions prior to 20 . 2 ##R ##3 - S ##5 ; 20 . 3 versions prior to 20 . 3 ##R ##3 - S ##4 ; 20 . 4 versions prior to 20 . 4 ##R ##3 - S ##3 ; 21 . 1 versions prior to 21 . 1 ##R ##3 ; 21 . 2 versions prior to 21 . 2 ##R ##3 ; 21 . 3 versions prior to 21 . 3 ##R ##2 ; 21 . 4 versions prior to 21 . 4 ##R ##2 . [SEP]
LIME (words)An Out-of-Bounds Write vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause Denial of Service (DoS). On SRX Series devices using Unified Policies with IPv6 when a specific IPv6 packet goes through a dynamic-application filter which will generate an ICMP deny message the flowd core is observed and the PFE is restarted. This issue affects: Juniper Networks Junos OS on SRX Series: 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2.
SHAP (words)An Out- of- Bounds Write vulnerability in Flow Processing Daemon ( flowd) of Juniper Networks Junos OS allows an unauthenticated network- based attacker to cause Denial of Service ( DoS). On SRX Series devices using Unified Policies with IPv6 when a specific IPv6 packet goes through a dynamic- application filter which will generate an ICMP deny message the flowd core is observed and the PFE is restarted. This issue affects: Juniper Networks Junos OS on SRX Series: 19. 2 versions prior to 19. 2R3- S6; 19. 3 versions prior to 19. 3R3- S6; 19. 4 versions prior to 19. 4R3- S9; 20. 2 versions prior to 20. 2R3- S5; 20. 3 versions prior to 20. 3R3- S4; 20. 4 versions prior to 20. 4R3- S3; 21. 1 versions prior to 21. 1R3; 21. 2 versions prior to 21. 2R3; 21. 3 versions prior to 21. 3R2; 21. 4 versions prior to 21. 4R2
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An Out-of-Bounds Write vulnerability in Flow Processing Daemon ( flowd ) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause Denial of Service ( DoS ) . On SRX Series dev ice ##s using Unified Pol ##ici ##es with IP ##v ##6 when a spec if ##ic IP ##v ##6 packet goes through a dynamic - application filter which will generate an ICMP deny message the flowd core is observed and the PFE is restarted . This issue affects : Juniper Networks Junos OS on SRX Series : 19 . 2 versions prior to 19 . 2 ##R ##3 - S ##6 ; 19 . 3 versions prior to 19 . 3 ##R ##3 - S ##6 ; 19 . 4 versions prior to 19 . 4 ##R ##3 - S ##9 ; 20 . 2 versions prior to 20 . 2 ##R ##3 - S ##5 ; 20 . 3 versions prior to 20 . 3 ##R ##3 - S ##4 ; 20 . 4 versions prior to 20 . 4 ##R ##3 - S ##3 ; 21 . 1 versions prior to 21 . 1 ##R ##3 ; 21 . 2 versions prior to 21 . 2 ##R ##3 ; 21 . 3 versions prior to 21 . 3 ##R ##2 ; 21 . 4 versions prior to 21 . 4 ##R ##2 . [SEP]
LRP (+Pred, pos-only)[CLS] An Out-of-Bounds Write vulnerability in Flow Processing Daemon ( flowd ) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause Denial of Service ( DoS ) . On SRX Series dev ice ##s using Unified Pol ##ici ##es with IP ##v ##6 when a spec if ##ic IP ##v ##6 packet goes through a dynamic - application filter which will generate an ICMP deny message the flowd core is observed and the PFE is restarted . This issue affects : Juniper Networks Junos OS on SRX Series : 19 . 2 versions prior to 19 . 2 ##R ##3 - S ##6 ; 19 . 3 versions prior to 19 . 3 ##R ##3 - S ##6 ; 19 . 4 versions prior to 19 . 4 ##R ##3 - S ##9 ; 20 . 2 versions prior to 20 . 2 ##R ##3 - S ##5 ; 20 . 3 versions prior to 20 . 3 ##R ##3 - S ##4 ; 20 . 4 versions prior to 20 . 4 ##R ##3 - S ##3 ; 21 . 1 versions prior to 21 . 1 ##R ##3 ; 21 . 2 versions prior to 21 . 2 ##R ##3 ; 21 . 3 versions prior to 21 . 3 ##R ##2 ; 21 . 4 versions prior to 21 . 4 ##R ##2 . [SEP]
LIME (words)An Out-of-Bounds Write vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause Denial of Service (DoS). On SRX Series devices using Unified Policies with IPv6 when a specific IPv6 packet goes through a dynamic-application filter which will generate an ICMP deny message the flowd core is observed and the PFE is restarted. This issue affects: Juniper Networks Junos OS on SRX Series: 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2.
SHAP (words)An Out- of- Bounds Write vulnerability in Flow Processing Daemon ( flowd) of Juniper Networks Junos OS allows an unauthenticated network- based attacker to cause Denial of Service ( DoS). On SRX Series devices using Unified Policies with IPv6 when a specific IPv6 packet goes through a dynamic- application filter which will generate an ICMP deny message the flowd core is observed and the PFE is restarted. This issue affects: Juniper Networks Junos OS on SRX Series: 19. 2 versions prior to 19. 2R3- S6; 19. 3 versions prior to 19. 3R3- S6; 19. 4 versions prior to 19. 4R3- S9; 20. 2 versions prior to 20. 2R3- S5; 20. 3 versions prior to 20. 3R3- S4; 20. 4 versions prior to 20. 4R3- S3; 21. 1 versions prior to 21. 1R3; 21. 2 versions prior to 21. 2R3; 21. 3 versions prior to 21. 3R2; 21. 4 versions prior to 21. 4R2
#54 · cve_id CVE-2022-21285 · ui
GT=REQUIRED (1)
xlnet · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Vulnerability ▁in ▁the MySQL Cluster ▁product ▁of ▁Oracle MySQL ▁ ( com ponent : Cluster ▁ : ▁General ) . Supported ▁versions ▁that ▁are ▁affected ▁are ▁7 . 4 . 34 ▁and ▁prior ▁7 . 5 . 24 ▁and ▁prior ▁7 . 6 . 20 ▁and ▁prior ▁and ▁8 . 0 . 27 ▁and ▁prior . Difficult ▁to ▁exploit ▁vulnerability ▁allows ▁high ▁privileged ▁attacker ▁with ▁access ▁to ▁the ▁physical ▁communication ▁segment ▁attached ▁to ▁the ▁hardware ▁where ▁the MySQL Cluster executes ▁to ▁compromise MySQL Cluster ▁ . Successful ▁attacks ▁require ▁human ▁interaction ▁from ▁a ▁person ▁other ▁than ▁the ▁attacker . Successful ▁attacks ▁of ▁this ▁vulnerability ▁can ▁result ▁in ▁takeover ▁of MySQL Cluster ▁ . CVSS ▁3 . 1 ▁Base ▁Score ▁6 . 3 ▁ ( Con fid ▁ ential ity Integrity ▁and Availability ▁impacts ) . CVSS Vector ▁ : ▁ ( CVSS ▁ : 3 . 1/ AV : A / AC : H / PR : H / UI ▁ : R / S : U / C : H / I : H / A : H ) . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
SHAP (words)Vulnerability in the MySQL Cluster product of Oracle MySQL ( component: Cluster: General). Supported versions that are affected are 7. 4. 34 and prior 7. 5. 24 and prior 7. 6. 20 and prior and 8. 0. 27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3. 1 Base Score 6. 3 ( Confidentiality Integrity and Availability impacts). CVSS Vector: ( CVSS: 3. 1/ AV: A/ AC: H/ PR: H/ UI: R/ S: U/ C: H/ I: H/ A: H
lrp-bert · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Vulnerability in the MySQL Cluster product of Oracle MySQL ( component : Cluster : General ) . Supported versions that are affected are 7 . 4 . 34 and prior 7 . 5 . 24 and prior 7 . 6 . 20 and prior and 8 . 0 . 27 and prior . Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster . Successful attacks require human int era ##ction from a person other than the attacker . Successful attacks of this vulnerability can result in takeover of MySQL Cluster . CVSS 3 . 1 Base Score 6 . 3 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : A / AC : H / PR : H / UI : R / S : U / C : H / I : H / A : H ) . [SEP]
LRP (+Pred, pos-only)[CLS] Vulnerability in the MySQL Cluster product of Oracle MySQL ( component : Cluster : General ) . Supported versions that are affected are 7 . 4 . 34 and prior 7 . 5 . 24 and prior 7 . 6 . 20 and prior and 8 . 0 . 27 and prior . Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster . Successful attacks require human int era ##ction from a person other than the attacker . Successful attacks of this vulnerability can result in takeover of MySQL Cluster . CVSS 3 . 1 Base Score 6 . 3 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : A / AC : H / PR : H / UI : R / S : U / C : H / I : H / A : H ) . [SEP]
LIME (words)Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
SHAP (words)Vulnerability in the MySQL Cluster product of Oracle MySQL ( component: Cluster: General). Supported versions that are affected are 7. 4. 34 and prior 7. 5. 24 and prior 7. 6. 20 and prior and 8. 0. 27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3. 1 Base Score 6. 3 ( Confidentiality Integrity and Availability impacts). CVSS Vector: ( CVSS: 3. 1/ AV: A/ AC: H/ PR: H/ UI: R/ S: U/ C: H/ I: H/ A: H
lrp-distilbert · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Vulnerability in the MySQL Cluster product of Oracle MySQL ( component : Cluster : General ) . Supported versions that are affected are 7 . 4 . 34 and prior 7 . 5 . 24 and prior 7 . 6 . 20 and prior and 8 . 0 . 27 and prior . Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster . Successful attacks require human int era ##ction from a person other than the attacker . Successful attacks of this vulnerability can result in takeover of MySQL Cluster . CVSS 3 . 1 Base Score 6 . 3 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : A / AC : H / PR : H / UI : R / S : U / C : H / I : H / A : H ) . [SEP]
LRP (+Pred, pos-only)[CLS] Vulnerability in the MySQL Cluster product of Oracle MySQL ( component : Cluster : General ) . Supported versions that are affected are 7 . 4 . 34 and prior 7 . 5 . 24 and prior 7 . 6 . 20 and prior and 8 . 0 . 27 and prior . Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster . Successful attacks require human int era ##ction from a person other than the attacker . Successful attacks of this vulnerability can result in takeover of MySQL Cluster . CVSS 3 . 1 Base Score 6 . 3 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : A / AC : H / PR : H / UI : R / S : U / C : H / I : H / A : H ) . [SEP]
LIME (words)Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
SHAP (words)Vulnerability in the MySQL Cluster product of Oracle MySQL ( component: Cluster: General). Supported versions that are affected are 7. 4. 34 and prior 7. 5. 24 and prior 7. 6. 20 and prior and 8. 0. 27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3. 1 Base Score 6. 3 ( Confidentiality Integrity and Availability impacts). CVSS Vector: ( CVSS: 3. 1/ AV: A/ AC: H/ PR: H/ UI: R/ S: U/ C: H/ I: H/ A: H
#55 · cve_id CVE-2019-19810 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Zoom ▁Call ▁Recording ▁6 . 3 . 1 ▁from ▁El ev eo ▁is ▁vulnerable ▁to ▁Java Deserialization ▁attacks ▁targeting ▁the ▁in built RMI ▁service . ▁A ▁remote unauthenticated ▁attacker ▁can ▁exploit ▁this ▁vulnerability ▁by ▁sending ▁crafted RMI ▁requests ▁to ▁execute ▁arbitrary ▁code ▁on ▁the ▁target ▁host . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to execute arbitrary code on the target host.
SHAP (words)Zoom Call Recording 6. 3. 1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to execute arbitrary code on the target host
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Zoom Call Recording 6 . 3 . 1 from El ##eve ##o is vulnerable to Java Deserialization attacks tar get ##ing the in ##bu ##ilt RMI service . A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to exec u ##te arbitrary code on the tar get host . [SEP]
LRP (+Pred, pos-only)[CLS] Zoom Call Recording 6 . 3 . 1 from El ##eve ##o is vulnerable to Java Deserialization attacks tar get ##ing the in ##bu ##ilt RMI service . A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to exec u ##te arbitrary code on the tar get host . [SEP]
LIME (words)Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to execute arbitrary code on the target host.
SHAP (words)Zoom Call Recording 6. 3. 1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to execute arbitrary code on the target host
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Zoom Call Recording 6 . 3 . 1 from El ##eve ##o is vulnerable to Java Deserialization attacks tar get ##ing the in ##bu ##ilt RMI service . A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to exec u ##te arbitrary code on the tar get host . [SEP]
LRP (+Pred, pos-only)[CLS] Zoom Call Recording 6 . 3 . 1 from El ##eve ##o is vulnerable to Java Deserialization attacks tar get ##ing the in ##bu ##ilt RMI service . A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to exec u ##te arbitrary code on the tar get host . [SEP]
LIME (words)Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to execute arbitrary code on the target host.
SHAP (words)Zoom Call Recording 6. 3. 1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to execute arbitrary code on the target host
#56 · cve_id CVE-2021-34761 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁A ▁vulnerability ▁in Cisco Firepower ▁ Threat ▁Defense ▁ ( FTD ▁ ) ▁Software ▁could ▁allow ▁an authenticated ▁local ▁attacker ▁to overwrite ▁or append ▁arbitrary ▁data ▁to ▁system ▁files ▁using root-level ▁privileges . ▁The ▁attacker ▁must ▁have admin ▁is tra tive credential ▁ s ▁on ▁the ▁device . ▁This ▁vulnerability ▁is ▁due ▁to ▁incomplete validation ▁of ▁user ▁input ▁for ▁a spec ▁ ific CLI ▁command . ▁An ▁attacker ▁could ▁exploit ▁this ▁vulnerability ▁by authenticating ▁to ▁the ▁device ▁with admin ▁is tra tive ▁privileges ▁and ▁issuing ▁a CLI ▁command ▁with ▁crafted ▁user param ▁ eter s . ▁A ▁successful ▁exploit ▁could ▁allow ▁the ▁attacker ▁to overwrite ▁or append ▁arbitrary ▁data ▁to ▁system ▁files ▁using root-level ▁privileges . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete validation of user input for a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device with administrative privileges and issuing a CLI command with crafted user parameters. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges.
SHAP (words)A vulnerability in Cisco Firepower Threat Defense ( FTD) Software could allow an authenticated local attacker to overwrite or append arbitrary data to system files using root- level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete validation of user input for a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device with administrative privileges and issuing a CLI command with crafted user parameters. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root- level privileges
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A vulnerability in Cisco Firepower Threat Defense ( FTD ) Software could allow an authenticated local attacker to overwrite or append arbitrary data to system files using root-level privileges . The attacker must have admin is ##tra ##tive credential s on the dev ice . This vulnerability is due to incomplete validation of user input for a spec if ##ic CLI command . An attacker could exploit this vulnerability by authenticating to the dev ice with admin is ##tra ##tive privileges and issuing a CLI command with crafted user param et ##ers . A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges . [SEP]
LRP (+Pred, pos-only)[CLS] A vulnerability in Cisco Firepower Threat Defense ( FTD ) Software could allow an authenticated local attacker to overwrite or append arbitrary data to system files using root-level privileges . The attacker must have admin is ##tra ##tive credential s on the dev ice . This vulnerability is due to incomplete validation of user input for a spec if ##ic CLI command . An attacker could exploit this vulnerability by authenticating to the dev ice with admin is ##tra ##tive privileges and issuing a CLI command with crafted user param et ##ers . A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges . [SEP]
LIME (words)A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete validation of user input for a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device with administrative privileges and issuing a CLI command with crafted user parameters. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges.
SHAP (words)A vulnerability in Cisco Firepower Threat Defense ( FTD) Software could allow an authenticated local attacker to overwrite or append arbitrary data to system files using root- level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete validation of user input for a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device with administrative privileges and issuing a CLI command with crafted user parameters. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root- level privileges
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A vulnerability in Cisco Firepower Threat Defense ( FTD ) Software could allow an authenticated local attacker to overwrite or append arbitrary data to system files using root-level privileges . The attacker must have admin is ##tra ##tive credential s on the dev ice . This vulnerability is due to incomplete validation of user input for a spec if ##ic CLI command . An attacker could exploit this vulnerability by authenticating to the dev ice with admin is ##tra ##tive privileges and issuing a CLI command with crafted user param et ##ers . A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges . [SEP]
LRP (+Pred, pos-only)[CLS] A vulnerability in Cisco Firepower Threat Defense ( FTD ) Software could allow an authenticated local attacker to overwrite or append arbitrary data to system files using root-level privileges . The attacker must have admin is ##tra ##tive credential s on the dev ice . This vulnerability is due to incomplete validation of user input for a spec if ##ic CLI command . An attacker could exploit this vulnerability by authenticating to the dev ice with admin is ##tra ##tive privileges and issuing a CLI command with crafted user param et ##ers . A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges . [SEP]
LIME (words)A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete validation of user input for a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device with administrative privileges and issuing a CLI command with crafted user parameters. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges.
SHAP (words)A vulnerability in Cisco Firepower Threat Defense ( FTD) Software could allow an authenticated local attacker to overwrite or append arbitrary data to system files using root- level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete validation of user input for a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device with administrative privileges and issuing a CLI command with crafted user parameters. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root- level privileges
#57 · cve_id CVE-2019-19209 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Dolibarr ▁ ERP / CRM ▁before ▁10 . 0 . 3 ▁allows ▁ SQL Injection ▁ . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Dolibarr ERP/CRM before 10.0.3 allows SQL Injection.
SHAP (words)Dolibarr ERP/ CRM before 10. 0. 3 allows SQL Injection
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Dolibarr ERP / CRM before 10 . 0 . 3 allows SQL Injection . [SEP]
LRP (+Pred, pos-only)[CLS] Dolibarr ERP / CRM before 10 . 0 . 3 allows SQL Injection . [SEP]
LIME (words)Dolibarr ERP/CRM before 10.0.3 allows SQL Injection.
SHAP (words)Dolibarr ERP/ CRM before 10. 0. 3 allows SQL Injection
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Dolibarr ERP / CRM before 10 . 0 . 3 allows SQL Injection . [SEP]
LRP (+Pred, pos-only)[CLS] Dolibarr ERP / CRM before 10 . 0 . 3 allows SQL Injection . [SEP]
LIME (words)Dolibarr ERP/CRM before 10.0.3 allows SQL Injection.
SHAP (words)Dolibarr ERP/ CRM before 10. 0. 3 allows SQL Injection
#58 · cve_id CVE-2022-1881 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁In ▁affected ▁versions ▁of Octopus ▁Server ▁an Insecure ▁Direct ▁ Object Refer ▁ ence ▁vulnerability ▁exists ▁where ▁it ▁is ▁po ssi ▁ ble ▁for ▁a ▁user ▁to ▁download ▁Project Export ▁ s ▁from ▁a ▁Project ▁they ▁do ▁not ▁have permissions ▁to ▁access . ▁This ▁vulnerability ▁only ▁impacts ▁projects ▁within ▁the ▁same ▁Space . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space.
SHAP (words)In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In affected versions of Octopus Server an Insecure Direct Object Refer en ##ce vulnerability exists where it is p ##o ssi b ##le for a user to download Project Export s from a Project they do not have permissions to access . This vulnerability only impacts projects within the same Space . [SEP]
LRP (+Pred, pos-only)[CLS] In affected versions of Octopus Server an Insecure Direct Object Refer en ##ce vulnerability exists where it is p ##o ssi b ##le for a user to download Project Export s from a Project they do not have permissions to access . This vulnerability only impacts projects within the same Space . [SEP]
LIME (words)In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space.
SHAP (words)In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In affected versions of Octopus Server an Insecure Direct Object Refer en ##ce vulnerability exists where it is p ##o ssi b ##le for a user to download Project Export s from a Project they do not have permissions to access . This vulnerability only impacts projects within the same Space . [SEP]
LRP (+Pred, pos-only)[CLS] In affected versions of Octopus Server an Insecure Direct Object Refer en ##ce vulnerability exists where it is p ##o ssi b ##le for a user to download Project Export s from a Project they do not have permissions to access . This vulnerability only impacts projects within the same Space . [SEP]
LIME (words)In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space.
SHAP (words)In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space
#59 · cve_id CVE-2001-0682 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)ZoneAlarm ▁and ZoneAlarm ▁Pro ▁allows ▁a ▁local ▁attacker ▁to ▁cause ▁a ▁denial ▁of ▁service ▁by ▁running ▁a ▁ tro jan ▁to initialize ▁a ZoneAlarm mutex ▁object ▁which ▁prevents ZoneAlarm ▁from ▁starting . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial of service by running a trojan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from starting.
SHAP (words)ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial of service by running a trojan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from starting
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial of service by running a t ##ro ##jan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from s tar tin ##g . [SEP]
LRP (+Pred, pos-only)[CLS] ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial of service by running a t ##ro ##jan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from s tar tin ##g . [SEP]
LIME (words)ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial of service by running a trojan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from starting.
SHAP (words)ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial of service by running a trojan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from starting
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial of service by running a t ##ro ##jan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from s tar tin ##g . [SEP]
LRP (+Pred, pos-only)[CLS] ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial of service by running a t ##ro ##jan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from s tar tin ##g . [SEP]
LIME (words)ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial of service by running a trojan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from starting.
SHAP (words)ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial of service by running a trojan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from starting
#60 · cve_id CVE-2022-36729 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁Library Manage ▁ ment ▁System ▁v 1 . 0 ▁was ▁di sc ▁over ed ▁to ▁contain ▁a ▁ SQL inject ▁ ion ▁vulnerability ▁via ▁the ▁M _ I d param ▁ eter ▁at ▁ / li br arian / del . php . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /librarian/del.php.
SHAP (words)Library Management System v1. 0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at / librarian/ del. php
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Library Manage men ##t System v ##1 . 0 was di sc over ##ed to contain a SQL inject ion vulnerability via the M _ I ##d param et ##er at / librarian / del . php . [SEP]
LRP (+Pred, pos-only)[CLS] Library Manage men ##t System v ##1 . 0 was di sc over ##ed to contain a SQL inject ion vulnerability via the M _ I ##d param et ##er at / librarian / del . php . [SEP]
LIME (words)Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /librarian/del.php.
SHAP (words)Library Management System v1. 0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at / librarian/ del. php
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Library Manage men ##t System v ##1 . 0 was di sc over ##ed to contain a SQL inject ion vulnerability via the M _ I ##d param et ##er at / librarian / del . php . [SEP]
LRP (+Pred, pos-only)[CLS] Library Manage men ##t System v ##1 . 0 was di sc over ##ed to contain a SQL inject ion vulnerability via the M _ I ##d param et ##er at / librarian / del . php . [SEP]
LIME (words)Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /librarian/del.php.
SHAP (words)Library Management System v1. 0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at / librarian/ del. php
#61 · cve_id CVE-2023-32674 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁Certain ▁versions ▁of ▁HP ▁PC Hardware Diagnostics ▁Windows ▁are ▁potentially ▁vulnerable ▁to ▁buffer overflow ▁ . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow.
SHAP (words)Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow . [SEP]
LRP (+Pred, pos-only)[CLS] Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow . [SEP]
LIME (words)Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow.
SHAP (words)Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow
lrp-distilbert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow . [SEP]
LRP (+Pred, pos-only)[CLS] Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow . [SEP]
LIME (words)Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow.
SHAP (words)Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow
#62 · cve_id CVE-2021-36335 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁Dell EMC ▁Cloud Link ▁7 . 1 ▁and ▁all ▁prior ▁versions ▁contain ▁an Improper Input Validation Vulnerability ▁ . ▁A ▁remote ▁low ▁privileged ▁attacker ▁may ▁potentially ▁exploit ▁this ▁vulnerability ▁leading ▁to ▁execution ▁of ▁arbitrary ▁files ▁on ▁the ▁server <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Dell EMC CloudLink 7.1 and all prior versions contain an Improper Input Validation Vulnerability. A remote low privileged attacker may potentially exploit this vulnerability leading to execution of arbitrary files on the server
SHAP (words)Dell EMC CloudLink 7. 1 and all prior versions contain an Improper Input Validation Vulnerability. A remote low privileged attacker may potentially exploit this vulnerability leading to execution of arbitrary files on the server
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Dell EMC Cloud ##L ##ink 7 . 1 and all prior versions contain an Improper Input Validation Vulnerability . A remote low privileged attacker may potentially exploit this vulnerability leading to exec u ##tion of arbitrary files on the server [SEP]
LRP (+Pred, pos-only)[CLS] Dell EMC Cloud ##L ##ink 7 . 1 and all prior versions contain an Improper Input Validation Vulnerability . A remote low privileged attacker may potentially exploit this vulnerability leading to exec u ##tion of arbitrary files on the server [SEP]
LIME (words)Dell EMC CloudLink 7.1 and all prior versions contain an Improper Input Validation Vulnerability. A remote low privileged attacker may potentially exploit this vulnerability leading to execution of arbitrary files on the server
SHAP (words)Dell EMC CloudLink 7. 1 and all prior versions contain an Improper Input Validation Vulnerability. A remote low privileged attacker may potentially exploit this vulnerability leading to execution of arbitrary files on the server
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Dell EMC Cloud ##L ##ink 7 . 1 and all prior versions contain an Improper Input Validation Vulnerability . A remote low privileged attacker may potentially exploit this vulnerability leading to exec u ##tion of arbitrary files on the server [SEP]
LRP (+Pred, pos-only)[CLS] Dell EMC Cloud ##L ##ink 7 . 1 and all prior versions contain an Improper Input Validation Vulnerability . A remote low privileged attacker may potentially exploit this vulnerability leading to exec u ##tion of arbitrary files on the server [SEP]
LIME (words)Dell EMC CloudLink 7.1 and all prior versions contain an Improper Input Validation Vulnerability. A remote low privileged attacker may potentially exploit this vulnerability leading to execution of arbitrary files on the server
SHAP (words)Dell EMC CloudLink 7. 1 and all prior versions contain an Improper Input Validation Vulnerability. A remote low privileged attacker may potentially exploit this vulnerability leading to execution of arbitrary files on the server
#63 · cve_id CVE-2022-24293 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁Certain ▁HP ▁Print ▁devices ▁may ▁be ▁vulnerable ▁to ▁potential ▁in for matio ▁ n ▁di sc ▁ los ure ▁denial ▁of ▁service ▁or ▁remote ▁code ▁execution . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Certain HP Print devices may be vulnerable to potential information disclosure denial of service or remote code execution.
SHAP (words)Certain HP Print devices may be vulnerable to potential information disclosure denial of service or remote code execution
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Certain HP P ##r int dev ice ##s may be vulnerable to potential info ##r matio n di sc los ##ure denial of service or remote code exec u ##tion . [SEP]
LRP (+Pred, pos-only)[CLS] Certain HP P ##r int dev ice ##s may be vulnerable to potential info ##r matio n di sc los ##ure denial of service or remote code exec u ##tion . [SEP]
LIME (words)Certain HP Print devices may be vulnerable to potential information disclosure denial of service or remote code execution.
SHAP (words)Certain HP Print devices may be vulnerable to potential information disclosure denial of service or remote code execution
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Certain HP P ##r int dev ice ##s may be vulnerable to potential info ##r matio n di sc los ##ure denial of service or remote code exec u ##tion . [SEP]
LRP (+Pred, pos-only)[CLS] Certain HP P ##r int dev ice ##s may be vulnerable to potential info ##r matio n di sc los ##ure denial of service or remote code exec u ##tion . [SEP]
LIME (words)Certain HP Print devices may be vulnerable to potential information disclosure denial of service or remote code execution.
SHAP (words)Certain HP Print devices may be vulnerable to potential information disclosure denial of service or remote code execution
#64 · cve_id CVE-2021-32434 · ui
GT=REQUIRED (1)
xlnet · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁a bc m 2 ps ▁v 8 . 14 . 11 ▁was ▁di sc ▁over ed ▁to ▁contain ▁an out-of-bounds ▁read ▁in ▁the ▁function ▁calculate _ beam ▁at ▁draw . c . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c.
SHAP (words)abcm2ps v8. 14. 11 was discovered to contain an out- of- bounds read in the function calculate_beam at draw. c
lrp-bert · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] a ##b ##c ##m ##2 ##ps v ##8 . 14 . 11 was di sc over ##ed to contain an out-of-bounds read in the function calculate _ beam at draw . c . [SEP]
LRP (+Pred, pos-only)[CLS] a ##b ##c ##m ##2 ##ps v ##8 . 14 . 11 was di sc over ##ed to contain an out-of-bounds read in the function calculate _ beam at draw . c . [SEP]
LIME (words)abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c.
SHAP (words)abcm2ps v8. 14. 11 was discovered to contain an out- of- bounds read in the function calculate_beam at draw. c
lrp-distilbert · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] a ##b ##c ##m ##2 ##ps v ##8 . 14 . 11 was di sc over ##ed to contain an out-of-bounds read in the function calculate _ beam at draw . c . [SEP]
LRP (+Pred, pos-only)[CLS] a ##b ##c ##m ##2 ##ps v ##8 . 14 . 11 was di sc over ##ed to contain an out-of-bounds read in the function calculate _ beam at draw . c . [SEP]
LIME (words)abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c.
SHAP (words)abcm2ps v8. 14. 11 was discovered to contain an out- of- bounds read in the function calculate_beam at draw. c
#65 · cve_id CVE-2021-3723 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁A ▁command inject ▁ ion ▁vulnerability ▁was ▁reported ▁in ▁the ▁Integrated Manage ▁ ment Module ▁ ( I MM ) ▁of ▁legacy ▁IBM ▁System ▁x ▁35 50 ▁M 3 ▁and ▁IBM ▁System ▁x ▁36 50 ▁M 3 ▁servers ▁that ▁could ▁allow ▁the ▁execution ▁of ▁operating ▁system ▁commands ▁over ▁an authenticated SSH ▁or Telnet ▁ se ssi ▁on . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating system commands over an authenticated SSH or Telnet session.
SHAP (words)A command injection vulnerability was reported in the Integrated Management Module ( IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating system commands over an authenticated SSH or Telnet session
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A command inject ion vulnerability was reported in the Integrated Manage men ##t Module ( IM M ) of legacy I BM System x 35 ##50 M ##3 and I BM System x 365 ##0 M ##3 servers that could allow the exec u ##tion of operating system commands over an authenticated SSH or Telnet se ssi on . [SEP]
LRP (+Pred, pos-only)[CLS] A command inject ion vulnerability was reported in the Integrated Manage men ##t Module ( IM M ) of legacy I BM System x 35 ##50 M ##3 and I BM System x 365 ##0 M ##3 servers that could allow the exec u ##tion of operating system commands over an authenticated SSH or Telnet se ssi on . [SEP]
LIME (words)A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating system commands over an authenticated SSH or Telnet session.
SHAP (words)A command injection vulnerability was reported in the Integrated Management Module ( IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating system commands over an authenticated SSH or Telnet session
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A command inject ion vulnerability was reported in the Integrated Manage men ##t Module ( IM M ) of legacy I BM System x 35 ##50 M ##3 and I BM System x 365 ##0 M ##3 servers that could allow the exec u ##tion of operating system commands over an authenticated SSH or Telnet se ssi on . [SEP]
LRP (+Pred, pos-only)[CLS] A command inject ion vulnerability was reported in the Integrated Manage men ##t Module ( IM M ) of legacy I BM System x 35 ##50 M ##3 and I BM System x 365 ##0 M ##3 servers that could allow the exec u ##tion of operating system commands over an authenticated SSH or Telnet se ssi on . [SEP]
LIME (words)A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating system commands over an authenticated SSH or Telnet session.
SHAP (words)A command injection vulnerability was reported in the Integrated Management Module ( IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating system commands over an authenticated SSH or Telnet session
#66 · cve_id CVE-2013-2011 · ui
GT=REQUIRED (1)
xlnet · Pred=NONE (0) · p=1.00 FN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)WordPress ▁W 3 ▁Super Cache Plugin ▁before ▁1 . 3 . 2 ▁contains ▁a PHP code-execution ▁vulnerability ▁which ▁could ▁allow ▁remote ▁attackers ▁to inject ▁arbitrary ▁code . ▁This ▁issue ▁exists ▁because ▁of ▁an ▁incomplete ▁fix ▁for CVE ▁ - 2013 - 2009 . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009.
SHAP (words)WordPress W3 Super Cache Plugin before 1. 3. 2 contains a PHP code- execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE- 2013- 2009
lrp-bert · Pred=NONE (0) · p=0.99 FN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] WordPress W ##3 Super Cache Plugin before 1 . 3 . 2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code . This issue exists because of an incomplete fix for CVE - 2013 - 2009 . [SEP]
LRP (+Pred, pos-only)[CLS] WordPress W ##3 Super Cache Plugin before 1 . 3 . 2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code . This issue exists because of an incomplete fix for CVE - 2013 - 2009 . [SEP]
LIME (words)WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009.
SHAP (words)WordPress W3 Super Cache Plugin before 1. 3. 2 contains a PHP code- execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE- 2013- 2009
lrp-distilbert · Pred=NONE (0) · p=1.00 FN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] WordPress W ##3 Super Cache Plugin before 1 . 3 . 2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code . This issue exists because of an incomplete fix for CVE - 2013 - 2009 . [SEP]
LRP (+Pred, pos-only)[CLS] WordPress W ##3 Super Cache Plugin before 1 . 3 . 2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code . This issue exists because of an incomplete fix for CVE - 2013 - 2009 . [SEP]
LIME (words)WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009.
SHAP (words)WordPress W3 Super Cache Plugin before 1. 3. 2 contains a PHP code- execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE- 2013- 2009
#67 · cve_id CVE-2021-46444 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁H . H . G ▁Multi store ▁v 5 . 1 . 0 ▁and ▁below ▁was ▁di sc ▁over ed ▁to ▁contain ▁a ▁ SQL inject ▁ ion ▁vulnerability ▁via ▁ / admin ▁ / admin ▁ . php ? mod ule = admin ▁_ group _ edit & ag ID . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_group_edit&agID.
SHAP (words)H. H. G Multistore v5. 1. 0 and below was discovered to contain a SQL injection vulnerability via / admin/ admin. php? module= admin_group_edit& agID
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] H . H . G Multi ##sto ##re v ##5 . 1 . 0 and below was di sc over ##ed to contain a SQL inject ion vulnerability via / admin / admin . php ? mod ul ##e = admin _ group _ edit & a ##g ##ID . [SEP]
LRP (+Pred, pos-only)[CLS] H . H . G Multi ##sto ##re v ##5 . 1 . 0 and below was di sc over ##ed to contain a SQL inject ion vulnerability via / admin / admin . php ? mod ul ##e = admin _ group _ edit & a ##g ##ID . [SEP]
LIME (words)H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_group_edit&agID.
SHAP (words)H. H. G Multistore v5. 1. 0 and below was discovered to contain a SQL injection vulnerability via / admin/ admin. php? module= admin_group_edit& agID
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] H . H . G Multi ##sto ##re v ##5 . 1 . 0 and below was di sc over ##ed to contain a SQL inject ion vulnerability via / admin / admin . php ? mod ul ##e = admin _ group _ edit & a ##g ##ID . [SEP]
LRP (+Pred, pos-only)[CLS] H . H . G Multi ##sto ##re v ##5 . 1 . 0 and below was di sc over ##ed to contain a SQL inject ion vulnerability via / admin / admin . php ? mod ul ##e = admin _ group _ edit & a ##g ##ID . [SEP]
LIME (words)H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_group_edit&agID.
SHAP (words)H. H. G Multistore v5. 1. 0 and below was discovered to contain a SQL injection vulnerability via / admin/ admin. php? module= admin_group_edit& agID
#68 · cve_id CVE-2021-37556 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁A ▁ SQL inject ▁ ion ▁vulnerability ▁in ▁reporting ▁export ▁in Centreon ▁before ▁20 . 04 . 14 ▁20 . 10 . 8 ▁and ▁21 . 04 . 2 ▁allows ▁remote authenticated ▁ ( but low-privileged ▁ ) ▁attackers ▁to ▁execute ▁arbitrary ▁ SQL ▁commands ▁via ▁the ▁include / report ing / dashboard ▁ / csv Export ▁ / csv ▁_ Ho st Group Logs ▁ . php ▁start ▁and ▁end param ▁ eter s . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)A SQL injection vulnerability in reporting export in Centreon before 20.04.14 20.10.8 and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/reporting/dashboard/csvExport/csv_HostGroupLogs.php start and end parameters.
SHAP (words)A SQL injection vulnerability in reporting export in Centreon before 20. 04. 14 20. 10. 8 and 21. 04. 2 allows remote authenticated ( but low- privileged) attackers to execute arbitrary SQL commands via the include/ reporting/ dashboard/ csvExport/ csv_HostGroupLogs. php start and end parameters
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A SQL inject ion vulnerability in reporting export in Centreon before 20 . 04 . 14 20 . 10 . 8 and 21 . 04 . 2 allows remote authenticated ( but low-privileged ) attackers to exec u ##te arbitrary SQL commands via the include / reporting / dashboard / csv Export / csv _ Host ##G ##roup Logs . php s tar t and end param et ##ers . [SEP]
LRP (+Pred, pos-only)[CLS] A SQL inject ion vulnerability in reporting export in Centreon before 20 . 04 . 14 20 . 10 . 8 and 21 . 04 . 2 allows remote authenticated ( but low-privileged ) attackers to exec u ##te arbitrary SQL commands via the include / reporting / dashboard / csv Export / csv _ Host ##G ##roup Logs . php s tar t and end param et ##ers . [SEP]
LIME (words)A SQL injection vulnerability in reporting export in Centreon before 20.04.14 20.10.8 and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/reporting/dashboard/csvExport/csv_HostGroupLogs.php start and end parameters.
SHAP (words)A SQL injection vulnerability in reporting export in Centreon before 20. 04. 14 20. 10. 8 and 21. 04. 2 allows remote authenticated ( but low- privileged) attackers to execute arbitrary SQL commands via the include/ reporting/ dashboard/ csvExport/ csv_HostGroupLogs. php start and end parameters
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A SQL inject ion vulnerability in reporting export in Centreon before 20 . 04 . 14 20 . 10 . 8 and 21 . 04 . 2 allows remote authenticated ( but low-privileged ) attackers to exec u ##te arbitrary SQL commands via the include / reporting / dashboard / csv Export / csv _ Host ##G ##roup Logs . php s tar t and end param et ##ers . [SEP]
LRP (+Pred, pos-only)[CLS] A SQL inject ion vulnerability in reporting export in Centreon before 20 . 04 . 14 20 . 10 . 8 and 21 . 04 . 2 allows remote authenticated ( but low-privileged ) attackers to exec u ##te arbitrary SQL commands via the include / reporting / dashboard / csv Export / csv _ Host ##G ##roup Logs . php s tar t and end param et ##ers . [SEP]
LIME (words)A SQL injection vulnerability in reporting export in Centreon before 20.04.14 20.10.8 and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/reporting/dashboard/csvExport/csv_HostGroupLogs.php start and end parameters.
SHAP (words)A SQL injection vulnerability in reporting export in Centreon before 20. 04. 14 20. 10. 8 and 21. 04. 2 allows remote authenticated ( but low- privileged) attackers to execute arbitrary SQL commands via the include/ reporting/ dashboard/ csvExport/ csv_HostGroupLogs. php start and end parameters
#69 · cve_id CVE-2012-0055 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Overlay ▁ FS ▁in ▁the ▁Linux ▁kernel ▁before ▁3 . 0 . 0 - 16 . 28 ▁as ▁used ▁in Ubuntu ▁10 . 0 . 4 LTS ▁and ▁11 . 10 ▁is ▁mi ssi ▁ ng inode ▁security ▁checks ▁which ▁could ▁allow ▁attackers ▁to ▁bypass ▁security ▁restrictions ▁and ▁perform unauthorized ▁actions . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)OverlayFS in the Linux kernel before 3.0.0-16.28 as used in Ubuntu 10.0.4 LTS and 11.10 is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions.
SHAP (words)OverlayFS in the Linux kernel before 3. 0. 0- 16. 28 as used in Ubuntu 10. 0. 4 LTS and 11. 10 is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Overlay FS in the Linux kernel before 3 . 0 . 0 - 16 . 28 as used in Ubuntu 10 . 0 . 4 LTS and 11 . 10 is mi ssi ng inode se ##c uri t ##y checks which could allow attackers to bypass se ##c uri t ##y restrictions and perform unauthorized actions . [SEP]
LRP (+Pred, pos-only)[CLS] Overlay FS in the Linux kernel before 3 . 0 . 0 - 16 . 28 as used in Ubuntu 10 . 0 . 4 LTS and 11 . 10 is mi ssi ng inode se ##c uri t ##y checks which could allow attackers to bypass se ##c uri t ##y restrictions and perform unauthorized actions . [SEP]
LIME (words)OverlayFS in the Linux kernel before 3.0.0-16.28 as used in Ubuntu 10.0.4 LTS and 11.10 is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions.
SHAP (words)OverlayFS in the Linux kernel before 3. 0. 0- 16. 28 as used in Ubuntu 10. 0. 4 LTS and 11. 10 is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Overlay FS in the Linux kernel before 3 . 0 . 0 - 16 . 28 as used in Ubuntu 10 . 0 . 4 LTS and 11 . 10 is mi ssi ng inode se ##c uri t ##y checks which could allow attackers to bypass se ##c uri t ##y restrictions and perform unauthorized actions . [SEP]
LRP (+Pred, pos-only)[CLS] Overlay FS in the Linux kernel before 3 . 0 . 0 - 16 . 28 as used in Ubuntu 10 . 0 . 4 LTS and 11 . 10 is mi ssi ng inode se ##c uri t ##y checks which could allow attackers to bypass se ##c uri t ##y restrictions and perform unauthorized actions . [SEP]
LIME (words)OverlayFS in the Linux kernel before 3.0.0-16.28 as used in Ubuntu 10.0.4 LTS and 11.10 is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions.
SHAP (words)OverlayFS in the Linux kernel before 3. 0. 0- 16. 28 as used in Ubuntu 10. 0. 4 LTS and 11. 10 is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions
#70 · cve_id CVE-2020-15226 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁In GLPI ▁before ▁version ▁9 . 5 . 2 ▁there ▁is ▁a ▁ SQL Injection ▁in ▁the ▁API ' s ▁search ▁function . ▁Not ▁only ▁is ▁it ▁po ssi ▁ ble ▁to ▁break ▁the ▁ SQL ▁syntax ▁but ▁it ▁is ▁also ▁po ssi ▁ ble ▁to ▁utilise ▁a ▁UN ION SELECT query ▁to ▁reflect ▁sensitive ▁in for matio ▁ n ▁such ▁as ▁the ▁current ▁database ▁version ▁or ▁database ▁user . ▁The ▁most ▁likely sc ▁ en ario ▁for ▁this ▁vulnerability ▁is ▁with ▁someone ▁who ▁has ▁an ▁API ▁account ▁to ▁the ▁system . ▁The ▁issue ▁is patched ▁in ▁version ▁9 . 5 . 2 . ▁A ▁proof - of -c ▁on cept ▁with ▁technical ▁details ▁is ▁available ▁in ▁the ▁linked ▁advisory . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)In GLPI before version 9.5.2 there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version or database user. The most likely scenario for this vulnerability is with someone who has an API account to the system. The issue is patched in version 9.5.2. A proof-of-concept with technical details is available in the linked advisory.
SHAP (words)In GLPI before version 9. 5. 2 there is a SQL Injection in the API' s search function. Not only is it possible to break the SQL syntax but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version or database user. The most likely scenario for this vulnerability is with someone who has an API account to the system. The issue is patched in version 9. 5. 2. A proof- of- concept with technical details is available in the linked advisory
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In GLPI before version 9 . 5 . 2 there is a SQL Injection in the A PI ' s search function . Not only is it p ##o ssi b ##le to break the SQL syntax but it is also p ##o ssi b ##le to u ##til ##ise a UN ION SELECT query to reflect sensitive info ##r matio n such as the current da tab as ##e version or da tab as ##e user . The most likely sc en ##ario for this vulnerability is with someone who has an A PI account to the system . The issue is patched in version 9 . 5 . 2 . A proof - of -c once ##pt with technical details is available in the linked advisory . [SEP]
LRP (+Pred, pos-only)[CLS] In GLPI before version 9 . 5 . 2 there is a SQL Injection in the A PI ' s search function . Not only is it p ##o ssi b ##le to break the SQL syntax but it is also p ##o ssi b ##le to u ##til ##ise a UN ION SELECT query to reflect sensitive info ##r matio n such as the current da tab as ##e version or da tab as ##e user . The most likely sc en ##ario for this vulnerability is with someone who has an A PI account to the system . The issue is patched in version 9 . 5 . 2 . A proof - of -c once ##pt with technical details is available in the linked advisory . [SEP]
LIME (words)In GLPI before version 9.5.2 there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version or database user. The most likely scenario for this vulnerability is with someone who has an API account to the system. The issue is patched in version 9.5.2. A proof-of-concept with technical details is available in the linked advisory.
SHAP (words)In GLPI before version 9. 5. 2 there is a SQL Injection in the API' s search function. Not only is it possible to break the SQL syntax but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version or database user. The most likely scenario for this vulnerability is with someone who has an API account to the system. The issue is patched in version 9. 5. 2. A proof- of- concept with technical details is available in the linked advisory
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In GLPI before version 9 . 5 . 2 there is a SQL Injection in the A PI ' s search function . Not only is it p ##o ssi b ##le to break the SQL syntax but it is also p ##o ssi b ##le to u ##til ##ise a UN ION SELECT query to reflect sensitive info ##r matio n such as the current da tab as ##e version or da tab as ##e user . The most likely sc en ##ario for this vulnerability is with someone who has an A PI account to the system . The issue is patched in version 9 . 5 . 2 . A proof - of -c once ##pt with technical details is available in the linked advisory . [SEP]
LRP (+Pred, pos-only)[CLS] In GLPI before version 9 . 5 . 2 there is a SQL Injection in the A PI ' s search function . Not only is it p ##o ssi b ##le to break the SQL syntax but it is also p ##o ssi b ##le to u ##til ##ise a UN ION SELECT query to reflect sensitive info ##r matio n such as the current da tab as ##e version or da tab as ##e user . The most likely sc en ##ario for this vulnerability is with someone who has an A PI account to the system . The issue is patched in version 9 . 5 . 2 . A proof - of -c once ##pt with technical details is available in the linked advisory . [SEP]
LIME (words)In GLPI before version 9.5.2 there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version or database user. The most likely scenario for this vulnerability is with someone who has an API account to the system. The issue is patched in version 9.5.2. A proof-of-concept with technical details is available in the linked advisory.
SHAP (words)In GLPI before version 9. 5. 2 there is a SQL Injection in the API' s search function. Not only is it possible to break the SQL syntax but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version or database user. The most likely scenario for this vulnerability is with someone who has an API account to the system. The issue is patched in version 9. 5. 2. A proof- of- concept with technical details is available in the linked advisory
#71 · cve_id CVE-2020-11051 · ui
GT=REQUIRED (1)
xlnet · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁In ▁ Wiki . js ▁before ▁2 . 3 . 81 ▁there ▁is ▁a ▁stored XSS ▁in ▁the Markdown ▁editor . ▁An ▁editor ▁with ▁write ▁access ▁to ▁a ▁page ▁using ▁the Markdown ▁editor ▁could inject ▁an XSS ▁payload ▁into ▁the ▁content . ▁If ▁another ▁editor ▁ ( with ▁write ▁access ▁as ▁well ) ▁load ▁the ▁same ▁page ▁into ▁the Markdown ▁editor ▁the XSS ▁payload ▁will ▁be ▁executed ▁as ▁part ▁of ▁the ▁preview ▁panel . ▁The ▁rendered ▁result ▁does ▁not ▁contain ▁the XSS ▁payload ▁as ▁it ▁is ▁stripped ▁by ▁the HTML ▁San it ization ▁security ▁module . ▁This ▁vulnerability ▁only ▁impacts ▁editors ▁loading ▁the malicious ▁page ▁in ▁the Markdown ▁editor . ▁This ▁has ▁been patched ▁in ▁2 . 3 . 81 . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)In Wiki.js before 2.3.81 there is a stored XSS in the Markdown editor. An editor with write access to a page using the Markdown editor could inject an XSS payload into the content. If another editor (with write access as well) load the same page into the Markdown editor the XSS payload will be executed as part of the preview panel. The rendered result does not contain the XSS payload as it is stripped by the HTML Sanitization security module. This vulnerability only impacts editors loading the malicious page in the Markdown editor. This has been patched in 2.3.81.
SHAP (words)In Wiki. js before 2. 3. 81 there is a stored XSS in the Markdown editor. An editor with write access to a page using the Markdown editor could inject an XSS payload into the content. If another editor ( with write access as well) load the same page into the Markdown editor the XSS payload will be executed as part of the preview panel. The rendered result does not contain the XSS payload as it is stripped by the HTML Sanitization security module. This vulnerability only impacts editors loading the malicious page in the Markdown editor. This has been patched in 2. 3. 81
lrp-bert · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In Wiki . js before 2 . 3 . 81 there is a stored XSS in the Markdown editor . An editor with w ##r ite access to a page using the Markdown editor could inject an XSS payload int o the content . If another editor ( with w ##r ite access as well ) load the same page int o the Markdown editor the XSS payload will be exec u ##ted as part of the preview panel . The rendered result does not contain the XSS payload as it is s ##tr ip p ##ed by the HTML San ##iti ##zation se ##c uri t ##y mod ul ##e . This vulnerability only impacts editors loading the malicious page in the Markdown editor . This has been patched in 2 . 3 . 81 . [SEP]
LRP (+Pred, pos-only)[CLS] In Wiki . js before 2 . 3 . 81 there is a stored XSS in the Markdown editor . An editor with w ##r ite access to a page using the Markdown editor could inject an XSS payload int o the content . If another editor ( with w ##r ite access as well ) load the same page int o the Markdown editor the XSS payload will be exec u ##ted as part of the preview panel . The rendered result does not contain the XSS payload as it is s ##tr ip p ##ed by the HTML San ##iti ##zation se ##c uri t ##y mod ul ##e . This vulnerability only impacts editors loading the malicious page in the Markdown editor . This has been patched in 2 . 3 . 81 . [SEP]
LIME (words)In Wiki.js before 2.3.81 there is a stored XSS in the Markdown editor. An editor with write access to a page using the Markdown editor could inject an XSS payload into the content. If another editor (with write access as well) load the same page into the Markdown editor the XSS payload will be executed as part of the preview panel. The rendered result does not contain the XSS payload as it is stripped by the HTML Sanitization security module. This vulnerability only impacts editors loading the malicious page in the Markdown editor. This has been patched in 2.3.81.
SHAP (words)In Wiki. js before 2. 3. 81 there is a stored XSS in the Markdown editor. An editor with write access to a page using the Markdown editor could inject an XSS payload into the content. If another editor ( with write access as well) load the same page into the Markdown editor the XSS payload will be executed as part of the preview panel. The rendered result does not contain the XSS payload as it is stripped by the HTML Sanitization security module. This vulnerability only impacts editors loading the malicious page in the Markdown editor. This has been patched in 2. 3. 81
lrp-distilbert · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In Wiki . js before 2 . 3 . 81 there is a stored XSS in the Markdown editor . An editor with w ##r ite access to a page using the Markdown editor could inject an XSS payload int o the content . If another editor ( with w ##r ite access as well ) load the same page int o the Markdown editor the XSS payload will be exec u ##ted as part of the preview panel . The rendered result does not contain the XSS payload as it is s ##tr ip p ##ed by the HTML San ##iti ##zation se ##c uri t ##y mod ul ##e . This vulnerability only impacts editors loading the malicious page in the Markdown editor . This has been patched in 2 . 3 . 81 . [SEP]
LRP (+Pred, pos-only)[CLS] In Wiki . js before 2 . 3 . 81 there is a stored XSS in the Markdown editor . An editor with w ##r ite access to a page using the Markdown editor could inject an XSS payload int o the content . If another editor ( with w ##r ite access as well ) load the same page int o the Markdown editor the XSS payload will be exec u ##ted as part of the preview panel . The rendered result does not contain the XSS payload as it is s ##tr ip p ##ed by the HTML San ##iti ##zation se ##c uri t ##y mod ul ##e . This vulnerability only impacts editors loading the malicious page in the Markdown editor . This has been patched in 2 . 3 . 81 . [SEP]
LIME (words)In Wiki.js before 2.3.81 there is a stored XSS in the Markdown editor. An editor with write access to a page using the Markdown editor could inject an XSS payload into the content. If another editor (with write access as well) load the same page into the Markdown editor the XSS payload will be executed as part of the preview panel. The rendered result does not contain the XSS payload as it is stripped by the HTML Sanitization security module. This vulnerability only impacts editors loading the malicious page in the Markdown editor. This has been patched in 2.3.81.
SHAP (words)In Wiki. js before 2. 3. 81 there is a stored XSS in the Markdown editor. An editor with write access to a page using the Markdown editor could inject an XSS payload into the content. If another editor ( with write access as well) load the same page into the Markdown editor the XSS payload will be executed as part of the preview panel. The rendered result does not contain the XSS payload as it is stripped by the HTML Sanitization security module. This vulnerability only impacts editors loading the malicious page in the Markdown editor. This has been patched in 2. 3. 81
#72 · cve_id CVE-2022-28071 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁A ▁use ▁after ▁free ▁in ▁ r _ reg _ get _ name _ id x ▁function ▁in ▁radar e 2 ▁5 . 4 . 2 ▁and ▁5 . 4 . 0 . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0.
SHAP (words)A use after free in r_reg_get_name_idx function in radare2 5. 4. 2 and 5. 4. 0
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A use after free in r _ re ##g _ get _ name _ id ##x function in radar ##e ##2 5 . 4 . 2 and 5 . 4 . 0 . [SEP]
LRP (+Pred, pos-only)[CLS] A use after free in r _ re ##g _ get _ name _ id ##x function in radar ##e ##2 5 . 4 . 2 and 5 . 4 . 0 . [SEP]
LIME (words)A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0.
SHAP (words)A use after free in r_reg_get_name_idx function in radare2 5. 4. 2 and 5. 4. 0
lrp-distilbert · Pred=NONE (0) · p=0.96 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A use after free in r _ re ##g _ get _ name _ id ##x function in radar ##e ##2 5 . 4 . 2 and 5 . 4 . 0 . [SEP]
LRP (+Pred, pos-only)[CLS] A use after free in r _ re ##g _ get _ name _ id ##x function in radar ##e ##2 5 . 4 . 2 and 5 . 4 . 0 . [SEP]
LIME (words)A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0.
SHAP (words)A use after free in r_reg_get_name_idx function in radare2 5. 4. 2 and 5. 4. 0
#73 · cve_id CVE-2022-0084 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁A flaw ▁was ▁found ▁in ▁X N IO spec ▁if ically ▁in ▁the ▁notify Read Close d ▁method . ▁The ▁issue ▁revealed ▁this ▁method ▁was ▁logging ▁a ▁message ▁to ▁another ▁expected ▁end . ▁This flaw ▁allows ▁an ▁attacker ▁to ▁send flawed ▁requests ▁to ▁a ▁server ▁po ssi ▁ b ly ▁causing ▁log ▁contention - related ▁performance ▁concerns ▁or ▁an ▁unwanted ▁disk ▁fill - up . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)A flaw was found in XNIO specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server possibly causing log contention-related performance concerns or an unwanted disk fill-up.
SHAP (words)A flaw was found in XNIO specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server possibly causing log contention- related performance concerns or an unwanted disk fill- up
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A flaw was found in X ##N IO spec if ##ically in the not ##ify ##R ##ead ##C ##lose ##d method . The issue revealed this method was logging a message to another expected end . This flaw allows an attacker to send flawed requests to a server p ##o ssi b ##ly causing log contention - related performance concerns or an unwanted disk fill - up . [SEP]
LRP (+Pred, pos-only)[CLS] A flaw was found in X ##N IO spec if ##ically in the not ##ify ##R ##ead ##C ##lose ##d method . The issue revealed this method was logging a message to another expected end . This flaw allows an attacker to send flawed requests to a server p ##o ssi b ##ly causing log contention - related performance concerns or an unwanted disk fill - up . [SEP]
LIME (words)A flaw was found in XNIO specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server possibly causing log contention-related performance concerns or an unwanted disk fill-up.
SHAP (words)A flaw was found in XNIO specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server possibly causing log contention- related performance concerns or an unwanted disk fill- up
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A flaw was found in X ##N IO spec if ##ically in the not ##ify ##R ##ead ##C ##lose ##d method . The issue revealed this method was logging a message to another expected end . This flaw allows an attacker to send flawed requests to a server p ##o ssi b ##ly causing log contention - related performance concerns or an unwanted disk fill - up . [SEP]
LRP (+Pred, pos-only)[CLS] A flaw was found in X ##N IO spec if ##ically in the not ##ify ##R ##ead ##C ##lose ##d method . The issue revealed this method was logging a message to another expected end . This flaw allows an attacker to send flawed requests to a server p ##o ssi b ##ly causing log contention - related performance concerns or an unwanted disk fill - up . [SEP]
LIME (words)A flaw was found in XNIO specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server possibly causing log contention-related performance concerns or an unwanted disk fill-up.
SHAP (words)A flaw was found in XNIO specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server possibly causing log contention- related performance concerns or an unwanted disk fill- up
#74 · cve_id CVE-2021-32003 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Unprotected ▁Transport ▁of Credentials ▁vulnerability ▁in ▁Site Manage ▁ r provisioning ▁service ▁allows ▁local ▁attacker ▁to ▁c apt ▁ ure credential ▁ s ▁if ▁the ▁service ▁is ▁used ▁after provisioning ▁ . ▁This ▁issue ▁affects : Secomea ▁Site Manage ▁ r ▁All ▁versions ▁prior ▁to ▁9 . 5 ▁on Hardware ▁ . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.
SHAP (words)Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9. 5 on Hardware
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Unprotected Transport of Credentials vulnerability in S ite Manage r provisioning service allows local attacker to c apt u ##re credential s if the service is used after provisioning . This issue affects : Secomea S ite Manage r All versions prior to 9 . 5 on Hardware . [SEP]
LRP (+Pred, pos-only)[CLS] Unprotected Transport of Credentials vulnerability in S ite Manage r provisioning service allows local attacker to c apt u ##re credential s if the service is used after provisioning . This issue affects : Secomea S ite Manage r All versions prior to 9 . 5 on Hardware . [SEP]
LIME (words)Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.
SHAP (words)Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9. 5 on Hardware
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Unprotected Transport of Credentials vulnerability in S ite Manage r provisioning service allows local attacker to c apt u ##re credential s if the service is used after provisioning . This issue affects : Secomea S ite Manage r All versions prior to 9 . 5 on Hardware . [SEP]
LRP (+Pred, pos-only)[CLS] Unprotected Transport of Credentials vulnerability in S ite Manage r provisioning service allows local attacker to c apt u ##re credential s if the service is used after provisioning . This issue affects : Secomea S ite Manage r All versions prior to 9 . 5 on Hardware . [SEP]
LIME (words)Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.
SHAP (words)Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9. 5 on Hardware
#75 · cve_id CVE-2021-30205 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Incorrect ▁access ▁control ▁in ▁the ▁component ▁ / index . php ? mod = system & op = org tree ▁of ▁ d zz office ▁2 . 02 . 1 _ SC _ UT F 8 ▁allows unauthenticated ▁attackers ▁to browse ▁departments ▁and usernames ▁ . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames.
SHAP (words)Incorrect access control in the component / index. php? mod= system& op= orgtree of dzzoffice 2. 02. 1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Incorrect access control in the component / index . php ? mod = system & op = org ##tree of d ##zzo ##ff ##ice 2 . 02 . 1 _ SC _ U ##TF ##8 allows unauthenticated attackers to browse departments and usernames . [SEP]
LRP (+Pred, pos-only)[CLS] Incorrect access control in the component / index . php ? mod = system & op = org ##tree of d ##zzo ##ff ##ice 2 . 02 . 1 _ SC _ U ##TF ##8 allows unauthenticated attackers to browse departments and usernames . [SEP]
LIME (words)Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames.
SHAP (words)Incorrect access control in the component / index. php? mod= system& op= orgtree of dzzoffice 2. 02. 1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Incorrect access control in the component / index . php ? mod = system & op = org ##tree of d ##zzo ##ff ##ice 2 . 02 . 1 _ SC _ U ##TF ##8 allows unauthenticated attackers to browse departments and usernames . [SEP]
LRP (+Pred, pos-only)[CLS] Incorrect access control in the component / index . php ? mod = system & op = org ##tree of d ##zzo ##ff ##ice 2 . 02 . 1 _ SC _ U ##TF ##8 allows unauthenticated attackers to browse departments and usernames . [SEP]
LIME (words)Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames.
SHAP (words)Incorrect access control in the component / index. php? mod= system& op= orgtree of dzzoffice 2. 02. 1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames
#76 · cve_id CVE-2021-38186 · ui
GT=REQUIRED (1)
xlnet · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁An ▁issue ▁was ▁di sc ▁over ed ▁in ▁the ▁com rak crate ▁before ▁0 . 10 . 1 ▁for Rust ▁ . ▁It mishandles ▁& ▁characters ▁leading ▁to XSS ▁via ▁& # HTML ▁entities . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters leading to XSS via HTML entities.
SHAP (words)An issue was discovered in the comrak crate before 0. 10. 1 for Rust. It mishandles & characters leading to XSS via HTML entities
lrp-bert · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An issue was di sc over ##ed in the com ##rak crate before 0 . 10 . 1 for Rust . It mishandles & char act ##ers leading to XSS via & # HTML entities . [SEP]
LRP (+Pred, pos-only)[CLS] An issue was di sc over ##ed in the com ##rak crate before 0 . 10 . 1 for Rust . It mishandles & char act ##ers leading to XSS via & # HTML entities . [SEP]
LIME (words)An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters leading to XSS via HTML entities.
SHAP (words)An issue was discovered in the comrak crate before 0. 10. 1 for Rust. It mishandles & characters leading to XSS via HTML entities
lrp-distilbert · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An issue was di sc over ##ed in the com ##rak crate before 0 . 10 . 1 for Rust . It mishandles & char act ##ers leading to XSS via & # HTML entities . [SEP]
LRP (+Pred, pos-only)[CLS] An issue was di sc over ##ed in the com ##rak crate before 0 . 10 . 1 for Rust . It mishandles & char act ##ers leading to XSS via & # HTML entities . [SEP]
LIME (words)An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters leading to XSS via HTML entities.
SHAP (words)An issue was discovered in the comrak crate before 0. 10. 1 for Rust. It mishandles & characters leading to XSS via HTML entities
#77 · cve_id CVE-2019-18219 · ui
GT=REQUIRED (1)
xlnet · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁Site magic CMS ▁4 . 4 . 1 ▁is ▁affected ▁by ▁a Cross-Site-Scripting ▁ ( XSS ▁ ) ▁vulnerability ▁as ▁it ▁fails ▁to validate ▁user ▁input . ▁The ▁affected ▁components ▁ ( index . php ▁upgrade . php ) ▁allow ▁for JavaScript inject ▁ ion ▁within ▁both ▁ GET ▁or POST ▁requests ▁via ▁a ▁crafted URL ▁or ▁via ▁the Upgrade ▁Mode POST param ▁ eter . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulnerability as it fails to validate user input. The affected components (index.php upgrade.php) allow for JavaScript injection within both GET or POST requests via a crafted URL or via the UpgradeMode POST parameter.
SHAP (words)Sitemagic CMS 4. 4. 1 is affected by a Cross- Site- Scripting ( XSS) vulnerability as it fails to validate user input. The affected components ( index. php upgrade. php) allow for JavaScript injection within both GET or POST requests via a crafted URL or via the UpgradeMode POST parameter
lrp-bert · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] S ite magic CMS 4 . 4 . 1 is affected by a Cross-Site-Scripting ( XSS ) vulnerability as it fails to validate user input . The affected components ( index . php upgrade . php ) allow for JavaScript inject ion within bot h GET or POST requests via a crafted URL or via the Upgrade Mode POST param et ##er . [SEP]
LRP (+Pred, pos-only)[CLS] S ite magic CMS 4 . 4 . 1 is affected by a Cross-Site-Scripting ( XSS ) vulnerability as it fails to validate user input . The affected components ( index . php upgrade . php ) allow for JavaScript inject ion within bot h GET or POST requests via a crafted URL or via the Upgrade Mode POST param et ##er . [SEP]
LIME (words)Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulnerability as it fails to validate user input. The affected components (index.php upgrade.php) allow for JavaScript injection within both GET or POST requests via a crafted URL or via the UpgradeMode POST parameter.
SHAP (words)Sitemagic CMS 4. 4. 1 is affected by a Cross- Site- Scripting ( XSS) vulnerability as it fails to validate user input. The affected components ( index. php upgrade. php) allow for JavaScript injection within both GET or POST requests via a crafted URL or via the UpgradeMode POST parameter
lrp-distilbert · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] S ite magic CMS 4 . 4 . 1 is affected by a Cross-Site-Scripting ( XSS ) vulnerability as it fails to validate user input . The affected components ( index . php upgrade . php ) allow for JavaScript inject ion within bot h GET or POST requests via a crafted URL or via the Upgrade Mode POST param et ##er . [SEP]
LRP (+Pred, pos-only)[CLS] S ite magic CMS 4 . 4 . 1 is affected by a Cross-Site-Scripting ( XSS ) vulnerability as it fails to validate user input . The affected components ( index . php upgrade . php ) allow for JavaScript inject ion within bot h GET or POST requests via a crafted URL or via the Upgrade Mode POST param et ##er . [SEP]
LIME (words)Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulnerability as it fails to validate user input. The affected components (index.php upgrade.php) allow for JavaScript injection within both GET or POST requests via a crafted URL or via the UpgradeMode POST parameter.
SHAP (words)Sitemagic CMS 4. 4. 1 is affected by a Cross- Site- Scripting ( XSS) vulnerability as it fails to validate user input. The affected components ( index. php upgrade. php) allow for JavaScript injection within both GET or POST requests via a crafted URL or via the UpgradeMode POST parameter
#78 · cve_id CVE-2022-35250 · ui
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁A ▁privilege escalation ▁vulnerability ▁exists ▁in ▁Rocket . cha t ▁< v 5 ▁which ▁made ▁it ▁po ssi ▁ ble ▁to elevate ▁privileges ▁for ▁any authenticated ▁user ▁to ▁view ▁Direct ▁messages ▁without ▁appropriate permissions ▁ . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)A privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions.
SHAP (words)A privilege escalation vulnerability exists in Rocket. chat < v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions
lrp-bert · Pred=NONE (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A privilege escalation vulnerability exists in Rocket . chat < v ##5 which made it p ##o ssi b ##le to elevate privileges for any authenticated user to view Direct messages without appropriate permissions . [SEP]
LRP (+Pred, pos-only)[CLS] A privilege escalation vulnerability exists in Rocket . chat < v ##5 which made it p ##o ssi b ##le to elevate privileges for any authenticated user to view Direct messages without appropriate permissions . [SEP]
LIME (words)A privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions.
SHAP (words)A privilege escalation vulnerability exists in Rocket. chat < v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions
lrp-distilbert · Pred=NONE (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A privilege escalation vulnerability exists in Rocket . chat < v ##5 which made it p ##o ssi b ##le to elevate privileges for any authenticated user to view Direct messages without appropriate permissions . [SEP]
LRP (+Pred, pos-only)[CLS] A privilege escalation vulnerability exists in Rocket . chat < v ##5 which made it p ##o ssi b ##le to elevate privileges for any authenticated user to view Direct messages without appropriate permissions . [SEP]
LIME (words)A privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions.
SHAP (words)A privilege escalation vulnerability exists in Rocket. chat < v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions
#79 · cve_id CVE-2022-21841 · ui
GT=REQUIRED (1)
xlnet · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁Microsoft Excel Remote ▁Code Execution Vulnerability <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Microsoft Excel Remote Code Execution Vulnerability
SHAP (words)Microsoft Excel Remote Code Execution Vulnerability
lrp-bert · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Microsoft Excel Remote Code Execution Vulnerability [SEP]
LRP (+Pred, pos-only)[CLS] Microsoft Excel Remote Code Execution Vulnerability [SEP]
LIME (words)Microsoft Excel Remote Code Execution Vulnerability
SHAP (words)Microsoft Excel Remote Code Execution Vulnerability
lrp-distilbert · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Microsoft Excel Remote Code Execution Vulnerability [SEP]
LRP (+Pred, pos-only)[CLS] Microsoft Excel Remote Code Execution Vulnerability [SEP]
LIME (words)Microsoft Excel Remote Code Execution Vulnerability
SHAP (words)Microsoft Excel Remote Code Execution Vulnerability
#80 · cve_id CVE-2023-6134 · ui
GT=REQUIRED (1)
xlnet · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁A flaw ▁was ▁found ▁in Keycloak ▁that ▁prevents ▁certain sc ▁he mes ▁in redirects ▁but ▁permits ▁them ▁if ▁a wildcard ▁is appended ▁to ▁the ▁token . ▁This ▁issue ▁could ▁allow ▁an ▁attacker ▁to ▁submit ▁a spec ▁ i ally ▁crafted ▁request ▁leading ▁to cross-site scripting ▁ ( XSS ▁ ) ▁or ▁further ▁attacks . ▁This flaw ▁is ▁the ▁result ▁of ▁an ▁incomplete ▁fix ▁for CVE ▁ - 20 20 - 10 7 48 . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)A flaw was found in Keycloak that prevents certain schemes in redirects but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.
SHAP (words)A flaw was found in Keycloak that prevents certain schemes in redirects but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross- site scripting ( XSS) or further attacks. This flaw is the result of an incomplete fix for CVE- 2020- 10748
lrp-bert · Pred=REQUIRED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A flaw was found in Keycloak that prevents certain sc hem ##es in redirects but permits them if a wildcard is appended to the token . This issue could allow an attacker to submit a spec i ##ally crafted request leading to cross-site scripting ( XSS ) or further attacks . This flaw is the result of an incomplete fix for CVE - 2020 - 107 ##48 . [SEP]
LRP (+Pred, pos-only)[CLS] A flaw was found in Keycloak that prevents certain sc hem ##es in redirects but permits them if a wildcard is appended to the token . This issue could allow an attacker to submit a spec i ##ally crafted request leading to cross-site scripting ( XSS ) or further attacks . This flaw is the result of an incomplete fix for CVE - 2020 - 107 ##48 . [SEP]
LIME (words)A flaw was found in Keycloak that prevents certain schemes in redirects but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.
SHAP (words)A flaw was found in Keycloak that prevents certain schemes in redirects but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross- site scripting ( XSS) or further attacks. This flaw is the result of an incomplete fix for CVE- 2020- 10748
lrp-distilbert · Pred=REQUIRED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A flaw was found in Keycloak that prevents certain sc hem ##es in redirects but permits them if a wildcard is appended to the token . This issue could allow an attacker to submit a spec i ##ally crafted request leading to cross-site scripting ( XSS ) or further attacks . This flaw is the result of an incomplete fix for CVE - 2020 - 107 ##48 . [SEP]
LRP (+Pred, pos-only)[CLS] A flaw was found in Keycloak that prevents certain sc hem ##es in redirects but permits them if a wildcard is appended to the token . This issue could allow an attacker to submit a spec i ##ally crafted request leading to cross-site scripting ( XSS ) or further attacks . This flaw is the result of an incomplete fix for CVE - 2020 - 107 ##48 . [SEP]
LIME (words)A flaw was found in Keycloak that prevents certain schemes in redirects but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.
SHAP (words)A flaw was found in Keycloak that prevents certain schemes in redirects but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross- site scripting ( XSS) or further attacks. This flaw is the result of an incomplete fix for CVE- 2020- 10748